google Analytics

Wednesday, September 1, 2010

MethodSecurityInterceptor Example

Spring Security
methodsecurityinterceptor example
The spring-security.xml


<?xml version='1.0' encoding='UTF-8'?>
<bean id='TestBean' class='com.springSecurity.TestBeanImpl'/>
<!--  1. use Spring’s BeanNameAutoProxyCreator and simply list the beans that you’ll want secured -->

  <bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>
    <property name='interceptorNames'>
    <property name='beanNames'>

<!-- Here the autoproxy creator has been instructed to proxy its beans with a single interceptor, a bean named securityInterceptor.
The securityInterceptor bean is configured as follows --
MethodSecurityInterceptor does for method invocations what FilterSecurityInterceptor 
does for servlet requests. That is, it intercepts the invocation and coordinates the efforts of
the authentication manager and the access decision manager to ensure that method requirements are met.

  <bean id='securityInterceptor' class='org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
    <property name='authenticationManager' ref='authenticationManager'/>
    <property name='accessDecisionManager' ref='accessDecisionManager'/>
    <property name='objectDefinitionSource'>

<!-- Spring Security comes with InMemoryDaoImpl,The userMap property is configured with an org.acegisecurity.userdetails.memory.UserMap
object that defines a set of usernames, passwords, and privileges. -->

  <bean id='userDetailsService' class='org.acegisecurity.userdetails.memory.InMemoryDaoImpl'>
    <property name='userMap'>
<!--    Allows access if at least one voter votes to grant access    Allows access if a consensus of voters vote to grant access    Allows access if all voters vote to grant access

  <bean id='accessDecisionManager' class=''>
    <property name='decisionVoters'>
      <list><ref bean='roleVoter'/></list>

The purpose of ProviderManager is to enable you to
authenticate users against multiple identity management sources.

  <bean id='authenticationManager' class='org.acegisecurity.providers.ProviderManager'>
    <property name='providers'>
      <list><ref bean='authenticationProvider'/></list>

  <bean id='authenticationProvider' class='org.acegisecurity.providers.dao.DaoAuthenticationProvider'>
    <property name='userDetailsService' ref='userDetailsService'/>
The way that RoleVoter decides on its vote is by simply comparing all
of the configuration attributes of the secured resource
(that are prefixed with ROLE_) with all of the authorities
granted to the authenticated user. If RoleVoter
finds a match, it will
cast an ACCESS_GRANTED vote.
Otherwise, it will cast an ACCESS_DENIED vote.

  <bean id='roleVoter' class=''/>



package com.springSecurity;

public interface TestBean {
    public int getValue();
    public void setValue(int value);
    public void changeValue(int value);

public class TestBeanImpl implements TestBean {

    private int value = 0;

    public TestBeanImpl() {

    public int getValue() {
        return this.value;

    // replace the value.
    public void setValue(int value) {
        this.value = value;

    // change the value.
    public void changeValue(int value) {
        this.value += value;

MethodSecurityInterceptor Example
Configuring AOP MethodSecurityInterceptor
MethodSecurityInterceptor (Spring Security 3.0.0.RELEASE API)
securing Method invocation Spring
Spring Security
Using Method Invocation
objectDefinitionSource Example
methodsecurityinterceptor objectdefinitionsource

1 comment: