Package org.springframework.security.web.access

Class RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

java.lang.Object

org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

All Implemented Interfaces:

org.springframework.beans.factory.Aware, WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware

public final class RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
extends Object
implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware

A WebInvocationPrivilegeEvaluator which delegates to a list of WebInvocationPrivilegeEvaluator based on a RequestMatcher evaluation

Since:

5.5.5

Constructor Summary

Constructors

Constructor	Description
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries)

Method Summary

Modifier and Type	Method	Description
boolean	isAllowed(String contextPath, String uri, String method, Authentication authentication)	Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
boolean	isAllowed(String uri, Authentication authentication)	Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
void	setServletContext(jakarta.servlet.ServletContext servletContext)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

public RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries)

Method Details

isAllowed

public boolean isAllowed(String uri,
 Authentication authentication)

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

Uses the provided URI in the RequestMatcher.matches(HttpServletRequest) for every RequestMatcher configured. If no RequestMatcher is matched, or if there is not an available WebInvocationPrivilegeEvaluator, returns true.

Specified by:

isAllowed in interface WebInvocationPrivilegeEvaluator

Parameters:

uri - the URI excluding the context path (a default context path setting will be used)

Returns:

true if access is allowed, false if denied

isAllowed

public boolean isAllowed(String contextPath,
 String uri,
 String method,
 Authentication authentication)

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

Uses the provided URI in the RequestMatcher.matches(HttpServletRequest) for every RequestMatcher configured. If no RequestMatcher is matched, or if there is not an available WebInvocationPrivilegeEvaluator, returns true.

Specified by:

isAllowed in interface WebInvocationPrivilegeEvaluator

Parameters:

uri - the URI excluding the context path (a default context path setting will be used)

contextPath - the context path (may be null, in which case a default value will be used).

method - the HTTP method (or null, for any method)

authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.

Returns:

true if access is allowed, false if denied

setServletContext

public void setServletContext(jakarta.servlet.ServletContext servletContext)

Specified by:

setServletContext in interface org.springframework.web.context.ServletContextAware