Package org.springframework.security.web.access.expression

Class DefaultWebSecurityExpressionHandler

java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<FilterInvocation>

org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<FilterInvocation>

public class DefaultWebSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<FilterInvocation>
implements SecurityExpressionHandler<FilterInvocation>

Since:

3.0

Constructor Summary

Constructors

Constructor	Description
DefaultWebSecurityExpressionHandler()

Method Summary

Modifier and Type	Method	Description
protected SecurityExpressionOperations	createSecurityExpressionRoot(@Nullable Authentication authentication, FilterInvocation fi)	Implement in order to create a root object of the correct type for the supported invocation type.
void	setDefaultRolePrefix(@Nullable String defaultRolePrefix)	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
void	setTrustResolver(AuthenticationTrustResolver trustResolver)	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

createEvaluationContext, createEvaluationContextInternal, getAuthorizationManagerFactory, getBeanResolver, getDefaultAuthorizationManagerFactory, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setAuthorizationManagerFactory, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

createEvaluationContext, createEvaluationContext, getExpressionParser

Constructor Details

DefaultWebSecurityExpressionHandler

public DefaultWebSecurityExpressionHandler()

Method Details

createSecurityExpressionRoot

protected SecurityExpressionOperations createSecurityExpressionRoot(@Nullable Authentication authentication,
 FilterInvocation fi)

Description copied from class: AbstractSecurityExpressionHandler

Implement in order to create a root object of the correct type for the supported invocation type.

Specified by:

createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<FilterInvocation>

Parameters:

authentication - the current authentication object

fi - the invocation (filter, method, channel)

Returns:

the object

setTrustResolver

@Deprecated(since="7.0")
public void setTrustResolver(AuthenticationTrustResolver trustResolver)

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters:

trustResolver - the AuthenticationTrustResolver to use. Cannot be null.

setDefaultRolePrefix

@Deprecated(since="7.0")
public void setDefaultRolePrefix(@Nullable String defaultRolePrefix)

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

If null or empty, then no default role prefix is used.

Parameters:

defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".