org.springframework.security.access.expression.method
Class DefaultMethodSecurityExpressionHandler
java.lang.Object
org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- All Implemented Interfaces:
- AopInfrastructureBean, MethodSecurityExpressionHandler
public class DefaultMethodSecurityExpressionHandler
- extends Object
- implements MethodSecurityExpressionHandler
The standard implementation of SecurityExpressionHandler.
A single instance should usually be shared amongst the beans that require expression support.
- Since:
- 3.0
Field Summary |
protected org.apache.commons.logging.Log |
logger
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
logger
protected final org.apache.commons.logging.Log logger
DefaultMethodSecurityExpressionHandler
public DefaultMethodSecurityExpressionHandler()
createEvaluationContext
public EvaluationContext createEvaluationContext(Authentication auth,
org.aopalliance.intercept.MethodInvocation mi)
- Uses a
MethodSecurityEvaluationContext
as the EvaluationContext implementation and
configures it with a MethodSecurityExpressionRoot
instance as the expression root object.
- Specified by:
createEvaluationContext
in interface MethodSecurityExpressionHandler
filter
public Object filter(Object filterTarget,
Expression filterExpression,
EvaluationContext ctx)
- Description copied from interface:
MethodSecurityExpressionHandler
- Filters a target collection or array.
Only applies to method invocations.
- Specified by:
filter
in interface MethodSecurityExpressionHandler
- Parameters:
filterTarget
- the array or collection to be filtered.filterExpression
- the expression which should be used as the filter condition. If it returns false on
evaluation, the object will be removed from the returned collectionctx
- the current evaluation context (as created through a call to
MethodSecurityExpressionHandler.createEvaluationContext(Authentication, MethodInvocation)
- Returns:
- the filtered collection or array
getExpressionParser
public ExpressionParser getExpressionParser()
- Specified by:
getExpressionParser
in interface MethodSecurityExpressionHandler
- Returns:
- an expression parser for the expressions used by the implementation.
setParameterNameDiscoverer
public void setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer)
setPermissionEvaluator
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
setReturnObject
public void setReturnObject(Object returnObject,
EvaluationContext ctx)
- Description copied from interface:
MethodSecurityExpressionHandler
- Used to inform the expression system of the return object for the given evaluation context.
Only applies to method invocations.
- Specified by:
setReturnObject
in interface MethodSecurityExpressionHandler
- Parameters:
returnObject
- the return object valuectx
- the context within which the object should be set (as created through a call to
MethodSecurityExpressionHandler.createEvaluationContext(Authentication, MethodInvocation)
setRoleHierarchy
public void setRoleHierarchy(RoleHierarchy roleHierarchy)