Class DefaultHttpSecurityExpressionHandler
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,SecurityExpressionHandler<RequestAuthorizationContext>
public class DefaultHttpSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<RequestAuthorizationContext>
implements SecurityExpressionHandler<RequestAuthorizationContext>
A
SecurityExpressionHandler
that uses a RequestAuthorizationContext
to
create a WebSecurityExpressionRoot
.- Since:
- 5.8
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.expression.EvaluationContext
createEvaluationContext
(Supplier<? extends @Nullable Authentication> authentication, RequestAuthorizationContext context) Provides an evaluation context in which to evaluate security expressions for the invocation type.protected SecurityExpressionOperations
createSecurityExpressionRoot
(@Nullable Authentication authentication, RequestAuthorizationContext context) Implement in order to create a root object of the correct type for the supported invocation type.void
setDefaultRolePrefix
(String defaultRolePrefix) Deprecated.void
setTrustResolver
(AuthenticationTrustResolver trustResolver) Deprecated.Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getAuthorizationManagerFactory, getBeanResolver, getDefaultAuthorizationManagerFactory, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setAuthorizationManagerFactory, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
-
Constructor Details
-
DefaultHttpSecurityExpressionHandler
public DefaultHttpSecurityExpressionHandler()
-
-
Method Details
-
createEvaluationContext
public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication, RequestAuthorizationContext context) Description copied from interface:SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of theAuthentication
object. By default, this method uses eager initialization of theAuthentication
object.- Specified by:
createEvaluationContext
in interfaceSecurityExpressionHandler<RequestAuthorizationContext>
- Parameters:
authentication
- theSupplier
of theAuthentication
to usecontext
- theSecurityExpressionHandler
to use- Returns:
- the
EvaluationContext
to use
-
createSecurityExpressionRoot
protected SecurityExpressionOperations createSecurityExpressionRoot(@Nullable Authentication authentication, RequestAuthorizationContext context) Description copied from class:AbstractSecurityExpressionHandler
Implement in order to create a root object of the correct type for the supported invocation type.- Specified by:
createSecurityExpressionRoot
in classAbstractSecurityExpressionHandler<RequestAuthorizationContext>
- Parameters:
authentication
- the current authentication objectcontext
- the invocation (filter, method, channel)- Returns:
- the object
-
setTrustResolver
Deprecated.Sets theAuthenticationTrustResolver
to be used. The default isAuthenticationTrustResolverImpl
.- Parameters:
trustResolver
- theAuthenticationTrustResolver
to use
-
setDefaultRolePrefix
Deprecated.Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).- Parameters:
defaultRolePrefix
- the default prefix to add to roles. The default is "ROLE_".
-
AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory)
instead