Class WebExpressionAuthorizationManager
java.lang.Object
org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
- All Implemented Interfaces:
AuthorizationManager<RequestAuthorizationContext>
public final class WebExpressionAuthorizationManager
extends Object
implements AuthorizationManager<RequestAuthorizationContext>
An expression-based AuthorizationManager that determines the access by evaluating the provided expression.
- Since:
- 5.8
Nested Class Summary
Nested Classes
- Modifier and Type: static final class
  Class: WebExpressionAuthorizationManager.Builder
  Description: A WebExpressionAuthorizationManager.Builder for constructing WebExpressionAuthorizationManager instances.
Constructor Summary
Constructors
- Constructor: WebExpressionAuthorizationManager(String expressionString)
  Description: Creates an instance.
Method Summary
- Modifier and Type: AuthorizationResult
  Method: authorize(Supplier<? extends @Nullable Authentication> authentication, RequestAuthorizationContext context)
  Description: Determines the access by evaluating the provided expression.
- Modifier and Type: void
  Method: setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
  Description: Deprecated.
- Modifier and Type: String
  Method: toString()
- Modifier and Type: static WebExpressionAuthorizationManager.Builder
  Method: withDefaults()
  Description: Use a DefaultHttpSecurityExpressionHandler to create WebExpressionAuthorizationManager instances.
- Modifier and Type: static WebExpressionAuthorizationManager.Builder
  Method: withExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
  Description: Use this SecurityExpressionHandler to create WebExpressionAuthorizationManager instances.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify
Constructor Details
WebExpressionAuthorizationManager
Creates an instance.
- Parameters:
expressionString - the raw expression string to parse
Method Details
setExpressionHandler
@Deprecated public void setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
Deprecated.
Sets the SecurityExpressionHandler to be used. The default is DefaultHttpSecurityExpressionHandler.
- Parameters:
expressionHandler - the SecurityExpressionHandler to use
authorize
public AuthorizationResult authorize(Supplier<? extends @Nullable Authentication> authentication, RequestAuthorizationContext context)
Determines the access by evaluating the provided expression.
- Specified by:
authorize in interface AuthorizationManager<RequestAuthorizationContext>
- Parameters:
authentication - the Supplier of the Authentication to check
context - the RequestAuthorizationContext to check
- Returns:
- an ExpressionAuthorizationDecision based on the evaluated expression
toString
withDefaults
Use a DefaultHttpSecurityExpressionHandler to create WebExpressionAuthorizationManager instances.
Note that publishing the WebExpressionAuthorizationManager.Builder as a bean will allow the default expression handler to be configured with a bean provider so that expressions can reference beans.
- Returns:
- a WebExpressionAuthorizationManager.Builder for constructing WebExpressionAuthorizationManager instances
- Since:
- 7.0
withExpressionHandler
public static WebExpressionAuthorizationManager.Builder withExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
Use this SecurityExpressionHandler to create WebExpressionAuthorizationManager instances.
- Parameters:
expressionHandler -
- Returns:
- a WebExpressionAuthorizationManager.Builder for constructing WebExpressionAuthorizationManager instances
- Since:
- 7.0
withDefaults() or withExpressionHandler(org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.access.intercept.RequestAuthorizationContext>)
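The constructor and the authorize method documented above, exercised directly in an added example (not code from the Spring Security project). The class name ExpressionAuthorizationDemo, the helper isGranted, the policy expression, the users, the request path and the addresses are all constructed for illustration; it assumes spring-test (MockHttpServletRequest) and spring-security-core (TestingAuthenticationToken) are on the classpath.

```java
import java.util.function.Supplier;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorizationResult;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

// Added example: every name and sample value below is constructed.
public class ExpressionAuthorizationDemo {

    // The policy is a fixed string, never assembled from request data.
    // It requires both a role and a source network.
    static final WebExpressionAuthorizationManager POLICY =
            new WebExpressionAuthorizationManager(
                    "hasRole('ADMIN') and hasIpAddress('10.0.0.0/8')");

    // Evaluates POLICY for one user and one client address.
    static boolean isGranted(Authentication user, String remoteAddr) {
        MockHttpServletRequest request =
                new MockHttpServletRequest("GET", "/admin/users");
        request.setRemoteAddr(remoteAddr);
        RequestAuthorizationContext context =
                new RequestAuthorizationContext(request);

        // The Authentication is supplied lazily, as the signature requires.
        Supplier<Authentication> supplier = () -> user;
        AuthorizationResult result = POLICY.authorize(supplier, context);

        // Fail closed: a missing result is treated as a denial.
        return result != null && result.isGranted();
    }

    public static void main(String[] args) {
        Authentication admin =
                new TestingAuthenticationToken("alice", "n/a", "ROLE_ADMIN");
        Authentication user =
                new TestingAuthenticationToken("bob", "n/a", "ROLE_USER");

        // Role and network both match.
        System.out.println("admin, internal: " + isGranted(admin, "10.1.2.3"));
        // Role matches, client address is outside 10.0.0.0/8.
        System.out.println("admin, external: " + isGranted(admin, "203.0.113.7"));
        // Network matches, role does not.
        System.out.println("user, internal:  " + isGranted(user, "10.1.2.3"));
    }
}
```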