org.springframework.security.oauth2.provider.expression
Class OAuth2MethodSecurityExpressionHandler

java.lang.Object
  extended by org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
      extended by org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
          extended by org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler
All Implemented Interfaces:
AopInfrastructureBean, Aware, ApplicationContextAware, org.springframework.security.access.expression.method.MethodSecurityExpressionHandler, org.springframework.security.access.expression.SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

public class OAuth2MethodSecurityExpressionHandler
extends org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

A security expression handler that handles the default method security expressions plus the set provided by OAuth2SecurityExpressionMethods, which are accessed through the variable oauth2. For example, the expression #oauth2.clientHasRole('ROLE_ADMIN') would invoke OAuth2SecurityExpressionMethods.clientHasRole(java.lang.String).

Author:
Dave Syer, Rob Winch

Field Summary
 
Fields inherited from class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
logger
 
Constructor Summary
OAuth2MethodSecurityExpressionHandler()
           
 
Method Summary
 org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(org.springframework.security.core.Authentication authentication, org.aopalliance.intercept.MethodInvocation mi)
           
 void setThrowExceptionOnInvalidScope(boolean throwException)
          Flag to determine the behaviour on access denied if the reason is .
 
Methods inherited from class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
createSecurityExpressionRoot, filter, setParameterNameDiscoverer, setPermissionCacheOptimizer, setReturnObject
 
Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
 

Constructor Detail

OAuth2MethodSecurityExpressionHandler

public OAuth2MethodSecurityExpressionHandler()
Method Detail

setThrowExceptionOnInvalidScope

public void setThrowExceptionOnInvalidScope(boolean throwException)
Flag to determine the behaviour on access denied if the reason is . If set then we throw an InvalidScopeException instead of returning true. This is unconventional for an access decision because it vetoes the other voters in the chain, but it enables us to pass a message to the caller with information about the required scope.

Parameters:
throwException - the flag to set (default true)
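
The following is an added example, not code from the Spring Security OAuth project: it registers this handler for method security so that the oauth2 variable from the class description is defined, and sets the flag documented above. It assumes a Spring Security release that offers Java configuration through GlobalMethodSecurityConfiguration; ReportService, its methods, ROLE_USER and the scope name read are hypothetical, and hasScope is a method of OAuth2SecurityExpressionMethods that this page does not list.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class OAuth2MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // Replace the default handler so that #oauth2 is defined when
    // @PreAuthorize / @PostAuthorize expressions are evaluated.
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        OAuth2MethodSecurityExpressionHandler handler = new OAuth2MethodSecurityExpressionHandler();
        // The documented default is true; it is set explicitly here so the
        // behaviour on a scope failure (InvalidScopeException carrying the
        // required scope) is visible in the configuration.
        handler.setThrowExceptionOnInvalidScope(true);
        return handler;
    }

    // Hypothetical bean; it must be Spring-managed for the annotations to apply.
    @Bean
    ReportService reportService() {
        return new ReportService();
    }
}

// Hypothetical service used only for illustration.
class ReportService {

    // The expression from the class description: the check is made against
    // the OAuth2 client's authorities via OAuth2SecurityExpressionMethods.
    @PreAuthorize("#oauth2.clientHasRole('ROLE_ADMIN')")
    public void purgeReports() { /* privileged operation */ }

    // Default method security expressions remain available and can be
    // combined with the oauth2 methods in one expression.
    @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('read')")
    public String readReport(String id) { return "report " + id; }
}
```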

createEvaluationContextInternal

public org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(org.springframework.security.core.Authentication authentication,
                                                                                                             org.aopalliance.intercept.MethodInvocation mi)
Overrides:
createEvaluationContextInternal in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler


Copyright © 2012. All Rights Reserved.