org.springframework.security.authorization.method.Jsr250AuthorizationManager

All Implemented Interfaces:: AuthorizationManager<org.aopalliance.intercept.MethodInvocation>

public final class Jsr250AuthorizationManager extends Object implements AuthorizationManager<org.aopalliance.intercept.MethodInvocation>

An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.

Since:: 5.6

Constructor Summary

Constructors

Constructor

Description

Jsr250AuthorizationManager()
Method Summary

Modifier and Type

Method

Description

@Nullable AuthorizationResult

authorize(Supplier<? extends @Nullable Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation)

Determines if access is granted for a specific authentication and object.

void

setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>> authoritiesAuthorizationManager)

Sets an AuthorizationManager that accepts a collection of authority strings.

void

setRolePrefix(String rolePrefix)

Sets the role prefix.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify

Constructor Details
- Jsr250AuthorizationManager
  
  public Jsr250AuthorizationManager()
Method Details
- setAuthoritiesAuthorizationManager
  
  public void setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>> authoritiesAuthorizationManager)
  
  Sets an AuthorizationManager that accepts a collection of authority strings.
  
  Parameters:
  
  authoritiesAuthorizationManager - the AuthorizationManager that accepts a collection of authority strings to use
  
  Since:
  
  6.2
- setRolePrefix
  
  public void setRolePrefix(String rolePrefix)
  
  Sets the role prefix. Defaults to "ROLE_".
  
  Parameters:
  
  rolePrefix - the role prefix to use
- authorize
  
  public @Nullable AuthorizationResult authorize(Supplier<? extends @Nullable Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation)
  
  Determines if access is granted for a specific authentication and object.
  
  Specified by:
  
  authorize in interface AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
  
  Parameters:
  
  authentication - the Supplier of the Authentication to authorize
  
  methodInvocation - the AuthorizationManager object to authorize
  
  Returns:
  
  an AuthorizationResult

Class Jsr250AuthorizationManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager

Constructor Details

Jsr250AuthorizationManager

Method Details

setAuthoritiesAuthorizationManager

setRolePrefix

authorize