Class DefaultWebInvocationPrivilegeEvaluator

java.lang.Object
org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
All Implemented Interfaces:
org.springframework.beans.factory.Aware, WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware

@Deprecated public class DefaultWebInvocationPrivilegeEvaluator extends Object implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
Allows users to determine whether they have privileges for a given web URI.
Since:
3.0
  • Field Details

    • logger

      protected static final org.apache.commons.logging.Log logger
      Deprecated.
  • Constructor Details

    • DefaultWebInvocationPrivilegeEvaluator

      public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)
      Deprecated.
  • Method Details

    • isAllowed

      public boolean isAllowed(String uri, @Nullable Authentication authentication)
      Deprecated.
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
      Specified by:
      isAllowed in interface WebInvocationPrivilegeEvaluator
      Parameters:
      uri - the URI excluding the context path (a default context path setting will be used)
    • isAllowed

      public boolean isAllowed(@Nullable String contextPath, String uri, @Nullable String method, @Nullable Authentication authentication)
      Deprecated.
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

      Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

      Specified by:
      isAllowed in interface WebInvocationPrivilegeEvaluator
      Parameters:
      uri - the URI excluding the context path
      contextPath - the context path (may be null, in which case a default value will be used).
      method - the HTTP method (or null, for any method)
      authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
      Returns:
      true if access is allowed, false if denied
    • setServletContext

      public void setServletContext(jakarta.servlet.ServletContext servletContext)
      Deprecated.
      Specified by:
      setServletContext in interface org.springframework.web.context.ServletContextAware