Prevent Method call without Exception using @PreAuthorize Annotation
package com.myapp;

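/**
 * Method security interceptor that skips a denied call instead of letting
 * {@link AccessDeniedException} reach the caller.
 *
 * <p>When the pre-invocation check rejects the call, the target method is never invoked and
 * {@code null} is returned. Callers therefore cannot tell "access denied" apart from a method
 * that legitimately returned {@code null}; only use this where that ambiguity is acceptable.
 * NOTE(review): a {@code null} result cannot be handed back for a primitive return type, so
 * intercepted methods should return objects or {@code void} (confirm against the proxy in use).
 */
public class MyMethodSecurityInterceptor extends MethodSecurityInterceptor {

    /**
     * Runs the authorization check and invokes the target only when access is granted.
     *
     * @param mi the intercepted method invocation
     * @return the (possibly post-processed) result of the target method, or {@code null} when
     *         access was denied
     * @throws Throwable anything thrown by the target method or by the post-invocation step;
     *         only the {@link AccessDeniedException} of the pre-invocation check is suppressed
     */
    @Override
    public Object invoke(MethodInvocation mi) throws Throwable {
        // Declared outside the try block: afterInvocation() below needs the token as well.
        InterceptorStatusToken token;
        try {
            token = super.beforeInvocation(mi);
        } catch (AccessDeniedException denied) {
            // access denied - do not invoke the method and return null.
            // The denial is suppressed for the caller only; keep it visible to operators.
            logger.debug("Access denied, skipping invocation of " + mi.getMethod(), denied);
            return null;
        }

        // access granted - proceed with the method invocation
        Object result = null;
        try {
            result = mi.proceed();
        } finally {
            // An AccessDeniedException raised here (post-invocation checks) is NOT suppressed.
            result = super.afterInvocation(token, result);
        }

        return result;
    }
}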
   
<aop:config>
    <!-- Intercept all relevant methods.
         Only methods matched by this pointcut pass through mySecurityInterceptor; a
         @PreAuthorize annotation on a method outside the pointcut is not enforced by it.
         Keep the expression in step with every class that carries security annotations. -->
    <aop:pointcut id="myMethods"
                  expression='execution(* com.myapp.myService+.*(..))'/>
    <aop:advisor advice-ref="mySecurityInterceptor" pointcut-ref="myMethods"/>
</aop:config>

<!-- Configure custom security interceptor.
     The metadata source below reads @PreAuthorize / @PostAuthorize style annotations and
     turns their expressions into config attributes for the access decision manager. -->
<bean id="mySecurityInterceptor"
      class="com.myapp.MyMethodSecurityInterceptor">
    <property name="securityMetadataSource">
        <bean class="org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource">
            <constructor-arg>
                <bean class="org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory">
                    <constructor-arg>
                        <bean class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler"/>
                    </constructor-arg>
                </bean>
            </constructor-arg>
        </bean>
    </property>
    <!-- Turns off the startup check that the configured managers support every declared
         config attribute. With it disabled, an unsupported attribute is not reported when
         the context starts, so cover the secured methods with tests for both the granted
         and the denied case. -->
    <property name="validateConfigAttributes" value="false"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>

<!-- Configure AccessDecisionManager.
     AffirmativeBased grants access as soon as one voter votes to grant. With the single
     pre-invocation voter below that equals the annotation's expression; if further voters
     are added later, any one of them granting is enough to allow the call. -->
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    <property name="decisionVoters">
        <list>
            <bean class="org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter">
                <constructor-arg>
                    <bean class="org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice"/>
                </constructor-arg>
            </bean>
        </list>
    </property>
</bean>

<!-- Configure AuthenticationManager as you wish -->
<!-- ........................................... -->
   
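/**
 * Around advice that turns an {@link AccessDeniedException} raised while calling a
 * {@code @PreAuthorize}-annotated method into a {@code null} return value.
 *
 * <p>Caveats for anyone adopting this:
 * <ul>
 *   <li>The catch covers the whole call, not only the pre-authorization check. A denial
 *       thrown by a nested secured call inside the method body is swallowed too, after the
 *       method may already have run part of its work.</li>
 *   <li>NOTE(review): this advice only sees the exception if it wraps the security advice,
 *       so its ordering relative to the method security interceptor must be confirmed.</li>
 *   <li>Callers cannot distinguish a denied call from a genuine {@code null} result.</li>
 * </ul>
 */
@Aspect
public class AccessDeniedHaltPreventionAdvice {
    // The original referenced AccessDeniedHaltPrevention.class, a name the listing never defines.
    private static final Log logger = LogFactory.getLog(AccessDeniedHaltPreventionAdvice.class);

    /**
     * Proceeds with the annotated method and suppresses an access-denied failure.
     *
     * @param pjp the join point of the {@code @PreAuthorize}-annotated method
     * @return the method's result, or {@code null} when access was denied
     * @throws Throwable any other failure of the intercepted call, unchanged
     */
    @Around("execution(@org.springframework.security.access.prepost.PreAuthorize * *(..))")
    public Object preventAccessDeniedHalting(ProceedingJoinPoint pjp) throws Throwable {
        try {
            return pjp.proceed();
        } catch (AccessDeniedException ade) {
            // Record which method was refused so the suppressed denial stays traceable.
            logger.debug("** Access Denied ** " + pjp.getSignature());
            return null;
        }
        // Every other Throwable propagates as-is; a catch that only rethrows adds nothing.
    }
}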
   
<!-- Enables proxying for @Aspect beans. The aspect class itself still has to be declared
     as a bean in this context, otherwise its advice is never applied. -->
<aop:aspectj-autoproxy/>
   
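/**
 * {@link AffirmativeBased} variant that logs every denial before it propagates.
 *
 * <p>An access decision manager can refuse a call only by throwing
 * {@link AccessDeniedException}: {@code decide} returns {@code void}, and a normal return
 * means "granted". Catching the exception here without rethrowing it would therefore not
 * skip the method call; it would authorize every call, whatever the voters decided. To skip
 * a denied call quietly, handle the exception one level up, in the interceptor or in advice
 * that wraps it, and leave this contract intact.
 */
public class SkipMethodCallAccessDecisionManager extends AffirmativeBased {

    /**
     * Delegates the decision to the voters and logs a denial.
     *
     * @param authentication the caller's authentication
     * @param object the secured object being accessed
     * @param configAttributes the attributes configured for that object
     * @throws AccessDeniedException when the voters deny access
     */
    @Override
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
        try {
            super.decide(authentication, object, configAttributes);
        } catch (AccessDeniedException adex) {
            logger.debug("Access Denied on:" + object);
            // Must propagate: returning normally from decide() grants access.
            throw adex;
        }
    }
}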
   
<!-- Routes every @PreAuthorize / @PostAuthorize decision through the custom manager.
     The referenced bean must let AccessDeniedException propagate from decide(); a manager
     that returns normally after a denial authorizes the call instead of skipping it.
     NOTE(review): the access-decision-manager-ref value here and the class attribute of
     the bean below both end in a space; confirm they still resolve, or remove the space. -->
<sec:global-method-security pre-post-annotations="enabled" access-decision-manager-ref="skipMethodCallAccessDecisionManager "/>

<bean id="skipMethodCallAccessDecisionManager" class="com.application.auth.vote.SkipMethodCallAccessDecisionManager ">
    <property name="decisionVoters">
        <list>
            <bean class="org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter">
                <constructor-arg ref="expressionBasedPreInvocationAdvice"/>
            </bean>
            <!-- Insert RoleVoter if required -->
            <!-- The manager extends AffirmativeBased, so one granting voter is enough:
                 each voter added here widens access rather than narrowing it. -->
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>         
        </list>
    </property>
</bean>

<!-- Evaluates the annotation expressions; the expressionHandler bean it references is
     not defined in this listing and has to exist elsewhere in the context. -->
<bean id="expressionBasedPreInvocationAdvice" class="org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice">
    <property name="expressionHandler" ref="expressionHandler"/>
</bean>

Date: 2012-07-06 14:40:03 and last modified: 2012-07-06 14:40:03
