org.springframework.security.oauth2.provider.expression
Class OAuth2WebSecurityExpressionHandler

java.lang.Object
  extended by org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation>
      extended by org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
          extended by org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler
All Implemented Interfaces:
AopInfrastructureBean, Aware, ApplicationContextAware, org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation>, org.springframework.security.web.access.expression.WebSecurityExpressionHandler

public class OAuth2WebSecurityExpressionHandler
extends org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

A security expression handler that can handle default web security expressions plus the set provided by OAuth2SecurityExpressionMethods using the variable oauth2 to access the methods. For example, the expression #oauth2.clientHasRole('ROLE_ADMIN') would invoke OAuth2SecurityExpressionMethods.clientHasRole(java.lang.String).

Author:
Dave Syer, Rob Winch

Constructor Summary
OAuth2WebSecurityExpressionHandler()
           
 
Method Summary
protected  org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(org.springframework.security.core.Authentication authentication, org.springframework.security.web.FilterInvocation invocation)
           
 void setThrowExceptionOnInvalidScope(boolean throwException)
          Flag to determine the behaviour on access denied if the reason is .
 
Methods inherited from class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
createSecurityExpressionRoot
 
Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
getExpressionParser
 

Constructor Detail

OAuth2WebSecurityExpressionHandler

public OAuth2WebSecurityExpressionHandler()
Method Detail

setThrowExceptionOnInvalidScope

public void setThrowExceptionOnInvalidScope(boolean throwException)
Flag to determine the behaviour on access denied if the reason is . If set then we throw an InvalidScopeException instead of returning true. This is unconventional for an access decision because it vetos the other voters in the chain, but it enables us to pass a message to the caller with information about the required scope.

Parameters:
throwException - the flag to set (default true)

createEvaluationContextInternal

protected org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(org.springframework.security.core.Authentication authentication,
                                                                                                                org.springframework.security.web.FilterInvocation invocation)
Overrides:
createEvaluationContextInternal in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation>


Copyright © 2012. All Rights Reserved.