1 /*
2 * Copyright 2006-2011 the original author or authors.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5 * the License. You may obtain a copy of the License at
6 *
7 * https://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11 * specific language governing permissions and limitations under the License.
12 */
13 package org.springframework.security.oauth2.provider.expression;
14
15 import org.springframework.expression.ExpressionParser;
16 import org.springframework.expression.spel.support.StandardEvaluationContext;
17 import org.springframework.security.core.Authentication;
18 import org.springframework.security.web.FilterInvocation;
19 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
20
21 /**
22 * <p>
23 * A security expression handler that can handle default web security expressions plus the set provided by
24 * {@link OAuth2SecurityExpressionMethods} using the variable oauth2 to access the methods. For example, the expression
25 * <code>#oauth2.clientHasRole('ROLE_ADMIN')</code> would invoke {@link OAuth2SecurityExpressionMethods#clientHasRole}.
26 * </p>
27 * <p>
28 * By default the {@link OAuth2ExpressionParser} is used. If this is undesirable, one can inject their own
29 * {@link ExpressionParser} using {@link #setExpressionParser(ExpressionParser)}.
30 * </p>
31 *
32 * @author Dave Syer
33 * @author Rob Winch
34 *
35 * @see OAuth2ExpressionParser
36 */
public class OAuth2WebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    /**
     * Creates a handler whose parser is the parent's default parser wrapped in an
     * {@link OAuth2ExpressionParser}. The wrapper is installed through the inherited
     * {@link #setExpressionParser(ExpressionParser)}, so a caller that later injects a
     * different parser replaces the wrapper entirely (see the class Javadoc).
     */
    public OAuth2WebSecurityExpressionHandler() {
        // Capture the parent's parser first so the wrapper delegates to exactly that instance.
        final ExpressionParser delegate = getExpressionParser();
        setExpressionParser(new OAuth2ExpressionParser(delegate));
    }

    /**
     * Builds the evaluation context for one request and exposes the OAuth2 helper methods
     * under the {@code #oauth2} variable.
     * <p>
     * The variable is bound to a fresh {@link OAuth2SecurityExpressionMethods} created from the
     * {@code authentication} passed in for this evaluation, so expressions such as
     * {@code #oauth2.clientHasRole(...)} are evaluated against the current request's
     * authentication rather than any shared state. It is set after the parent has populated
     * the context, so the rest of the web-security expression vocabulary is unchanged.
     *
     * @param authentication the authentication of the current request, as supplied by the parent
     * @param invocation the filter invocation being secured
     * @return the parent's context with the {@code oauth2} variable added
     */
    @Override
    protected StandardEvaluationContext createEvaluationContextInternal(Authentication authentication,
            FilterInvocation invocation) {
        final StandardEvaluationContext context =
                super.createEvaluationContextInternal(authentication, invocation);
        final OAuth2SecurityExpressionMethods oauth2Methods =
                new OAuth2SecurityExpressionMethods(authentication);
        context.setVariable("oauth2", oauth2Methods);
        return context;
    }
}