Package org.springframework.security.web.access

Class AuthorizationManagerWebInvocationPrivilegeEvaluator

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
    public final class AuthorizationManagerWebInvocationPrivilegeEvaluator
extends java.lang.Object
implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
    An implementation of WebInvocationPrivilegeEvaluator which delegates the checks to an instance of AuthorizationManager
    Since:
    5.5.5

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isAllowed​(java.lang.String contextPath, java.lang.String uri, java.lang.String method, org.springframework.security.core.Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
      boolean isAllowed​(java.lang.String uri, org.springframework.security.core.Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
      void setServletContext​(javax.servlet.ServletContext servletContext)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AuthorizationManagerWebInvocationPrivilegeEvaluator

        public AuthorizationManagerWebInvocationPrivilegeEvaluator​(org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)

    • Method Detail

      • isAllowed

        public boolean isAllowed​(java.lang.String uri,
                         org.springframework.security.core.Authentication authentication)
        Description copied from interface: WebInvocationPrivilegeEvaluator
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        uri - the URI excluding the context path (a default context path setting will be used)

      • isAllowed

        public boolean isAllowed​(java.lang.String contextPath,
                         java.lang.String uri,
                         java.lang.String method,
                         org.springframework.security.core.Authentication authentication)
        Description copied from interface: WebInvocationPrivilegeEvaluator
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

        Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        contextPath - the context path (may be null).
        uri - the URI excluding the context path
        method - the HTTP method (or null, for any method)
        authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
        Returns:
        true if access is allowed, false if denied

      • setServletContext

        public void setServletContext​(javax.servlet.ServletContext servletContext)
        Specified by:
        setServletContext in interface org.springframework.web.context.ServletContextAware