Class Jsr250AuthorizationManager

java.lang.Object
org.springframework.security.authorization.method.Jsr250AuthorizationManager
All Implemented Interfaces:
AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
public final class Jsr250AuthorizationManager extends Object implements AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.
Since:
5.6

  • Constructor Details

    • Jsr250AuthorizationManager

      public Jsr250AuthorizationManager()

  • Method Details

    • setAuthoritiesAuthorizationManager

      public void setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>> authoritiesAuthorizationManager)
      Sets an AuthorizationManager that accepts a collection of authority strings.
      Parameters:
      authoritiesAuthorizationManager - the AuthorizationManager that accepts a collection of authority strings to use
      Since:
      6.2

    • setRolePrefix

      public void setRolePrefix(String rolePrefix)
      Sets the role prefix. Defaults to "ROLE_".
      Parameters:
      rolePrefix - the role prefix to use

    • authorize

      public @Nullable AuthorizationResult authorize(Supplier<? extends @Nullable Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation)
      Determines if access is granted for a specific authentication and object.
      Specified by:
      authorize in interface AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
      Parameters:
      authentication - the Supplier of the Authentication to authorize
      methodInvocation - the T object to authorize
      Returns:
      an AuthorizationResult