Package org.springframework.security.web.access.expression

Class WebSecurityExpressionRoot

java.lang.Object

org.springframework.security.access.expression.SecurityExpressionRoot<RequestAuthorizationContext>

org.springframework.security.web.access.expression.WebSecurityExpressionRoot

All Implemented Interfaces:

SecurityExpressionOperations

public class WebSecurityExpressionRoot
extends SecurityExpressionRoot<RequestAuthorizationContext>

Since:

3.0

Field Summary

Fields

Modifier and Type	Field	Description
final jakarta.servlet.http.HttpServletRequest	request	Allows direct access to the request object

Fields inherited from class org.springframework.security.access.expression.SecurityExpressionRoot

admin, create, delete, denyAll, permitAll, read, write

Constructor Summary

Constructors

Constructor	Description
WebSecurityExpressionRoot(@Nullable Authentication a, FilterInvocation fi)	Deprecated. Use WebSecurityExpressionRoot(Supplier, RequestAuthorizationContext) instead
WebSecurityExpressionRoot(Supplier<? extends @Nullable Authentication> authentication, jakarta.servlet.http.HttpServletRequest request)	Deprecated. Use WebSecurityExpressionRoot(Supplier, RequestAuthorizationContext) instead
WebSecurityExpressionRoot(Supplier<? extends @Nullable Authentication> authentication, RequestAuthorizationContext context)	Creates an instance for the given Supplier of the Authentication and HttpServletRequest.

Method Summary

Modifier and Type	Method	Description
boolean	hasIpAddress(String ipAddress)	Takes a specific IP address or a range using the IP/Netmask (e.g.

Methods inherited from class org.springframework.security.access.expression.SecurityExpressionRoot

denyAll, getAuthentication, getPrincipal, hasAllAuthorities, hasAllRoles, hasAnyAuthority, hasAnyRole, hasAuthority, hasPermission, hasPermission, hasRole, isAnonymous, isAuthenticated, isFullyAuthenticated, isRememberMe, permitAll, setAuthorizationManagerFactory, setDefaultRolePrefix, setPermissionEvaluator, setRoleHierarchy, setTrustResolver

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

request

public final jakarta.servlet.http.HttpServletRequest request

Allows direct access to the request object

Constructor Details

WebSecurityExpressionRoot

@Deprecated(since="7.0")
public WebSecurityExpressionRoot(@Nullable Authentication a,
 FilterInvocation fi)

Deprecated.

Use WebSecurityExpressionRoot(Supplier, RequestAuthorizationContext) instead

WebSecurityExpressionRoot

@Deprecated(since="7.0")
public WebSecurityExpressionRoot(Supplier<? extends @Nullable Authentication> authentication,
 jakarta.servlet.http.HttpServletRequest request)

Deprecated.

Use WebSecurityExpressionRoot(Supplier, RequestAuthorizationContext) instead

Creates an instance for the given Supplier of the Authentication and HttpServletRequest.

Parameters:

authentication - the Supplier of the Authentication to use

request - the HttpServletRequest to use

Since:

5.8

WebSecurityExpressionRoot

public WebSecurityExpressionRoot(Supplier<? extends @Nullable Authentication> authentication,
 RequestAuthorizationContext context)

Creates an instance for the given Supplier of the Authentication and HttpServletRequest.

Parameters:

authentication - the Supplier of the Authentication to use

context - the RequestAuthorizationContext to use

Since:

7.0

Method Details

hasIpAddress

public boolean hasIpAddress(String ipAddress)

Takes a specific IP address or a range using the IP/Netmask (e.g. 192.168.1.0/24 or 202.24.0.0/14).

Parameters:

ipAddress - the address or range of addresses from which the request must come.

Returns:

true if the IP address of the current request is in the required range.