Package org.springframework.security.web.access.expression

Class DefaultHttpSecurityExpressionHandler

java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>

org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<RequestAuthorizationContext>

public class DefaultHttpSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<RequestAuthorizationContext>
implements SecurityExpressionHandler<RequestAuthorizationContext>

A SecurityExpressionHandler that uses a RequestAuthorizationContext to create a WebSecurityExpressionRoot.

Since:

5.8

Constructor Summary

Constructors

Constructor	Description
DefaultHttpSecurityExpressionHandler()

Method Summary

Modifier and Type	Method	Description
org.springframework.expression.EvaluationContext	createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication, RequestAuthorizationContext context)	Provides an evaluation context in which to evaluate security expressions for the invocation type.
protected SecurityExpressionOperations	createSecurityExpressionRoot(@Nullable Authentication authentication, RequestAuthorizationContext context)	Implement in order to create a root object of the correct type for the supported invocation type.
void	setDefaultRolePrefix(String defaultRolePrefix)	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
void	setTrustResolver(AuthenticationTrustResolver trustResolver)	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

createEvaluationContext, createEvaluationContextInternal, getAuthorizationManagerFactory, getBeanResolver, getDefaultAuthorizationManagerFactory, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setAuthorizationManagerFactory, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

createEvaluationContext, getExpressionParser

Constructor Details

DefaultHttpSecurityExpressionHandler

public DefaultHttpSecurityExpressionHandler()

Method Details

createEvaluationContext

public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication,
 RequestAuthorizationContext context)

Description copied from interface: SecurityExpressionHandler

Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.

Specified by:

createEvaluationContext in interface SecurityExpressionHandler<RequestAuthorizationContext>

Parameters:

authentication - the Supplier of the Authentication to use

context - the SecurityExpressionHandler to use

Returns:

the EvaluationContext to use

createSecurityExpressionRoot

protected SecurityExpressionOperations createSecurityExpressionRoot(@Nullable Authentication authentication,
 RequestAuthorizationContext context)

Description copied from class: AbstractSecurityExpressionHandler

Implement in order to create a root object of the correct type for the supported invocation type.

Specified by:

createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<RequestAuthorizationContext>

Parameters:

authentication - the current authentication object

context - the invocation (filter, method, channel)

Returns:

the object

setTrustResolver

@Deprecated(since="7.0")
public void setTrustResolver(AuthenticationTrustResolver trustResolver)

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters:

trustResolver - the AuthenticationTrustResolver to use

setDefaultRolePrefix

@Deprecated(since="7.0")
public void setDefaultRolePrefix(String defaultRolePrefix)

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

Parameters:

defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".