Interface WebInvocationPrivilegeEvaluator
- All Known Implementing Classes:
  AuthorizationManagerWebInvocationPrivilegeEvaluator, DefaultWebInvocationPrivilegeEvaluator, RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
public interface WebInvocationPrivilegeEvaluator
Allows users to determine whether they have privileges for a given web URI.
- Since:
- 3.0
Method Summary
Modifier and Type, Method, Description:
- boolean isAllowed(String uri, @Nullable Authentication authentication)
  Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- boolean isAllowed(String contextPath, String uri, @Nullable String method, @Nullable Authentication authentication)
  Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given parameters.
Method Details
isAllowed
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
Note this will only match authorization rules that don't require a certain HttpMethod.
- Parameters:
  uri - the URI excluding the context path (a default context path setting will be used)
isAllowed
boolean isAllowed(String contextPath, String uri, @Nullable String method, @Nullable Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given parameters.
Note:
- The default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.
- This will only match authorization rules that don't require a certain HttpMethod.
- Parameters:
  uri - the URI excluding the context path
  contextPath - the context path (may be null).
  method - the HTTP method (or null, for any method)
  authentication - the Authentication instance whose authorities should be used in evaluating whether access should be granted.
- Returns:
  true if access is allowed, false if denied
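Typical use of both overloads, as an added example that is not part of the Spring Security documentation: a hypothetical MenuLinkFilter helper that hides navigation links the current user could not invoke. It assumes Spring Security 6 or later (jakarta.servlet) and that a WebInvocationPrivilegeEvaluator is available for injection; MenuLinkFilter and MenuLink are illustrative names.

```java
import java.util.ArrayList;
import java.util.List;

import jakarta.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;

/** Hypothetical helper (not part of Spring Security): filters menu links by privilege. */
public class MenuLinkFilter {

    /** Hypothetical value type: a label plus a URI that excludes the context path. */
    public record MenuLink(String label, String uri) {}

    private final WebInvocationPrivilegeEvaluator evaluator;

    public MenuLinkFilter(WebInvocationPrivilegeEvaluator evaluator) {
        this.evaluator = evaluator;
    }

    /** Returns only the links for which isAllowed(...) answers true for a GET. */
    public List<MenuLink> visibleLinks(HttpServletRequest request, List<MenuLink> candidates) {
        // May be null when nobody is authenticated; the parameter is @Nullable.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String contextPath = request.getContextPath();

        List<MenuLink> visible = new ArrayList<>();
        for (MenuLink link : candidates) {
            // Four-argument overload: context path, URI without context path, method, user.
            if (evaluator.isAllowed(contextPath, link.uri(), "GET", authentication)) {
                visible.add(link);
            }
        }
        return visible;
    }

    /** Two-argument overload: default context path, no HTTP method supplied. */
    public boolean canOpen(String uri) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return evaluator.isAllowed(uri, authentication);
    }
}
```

The result is only a rendering hint; the request itself is still authorized by the security filter chain when the link is followed.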