AbstractSecurityExpressionHandler (Spring Security 3.1.3 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.access.expression
Class AbstractSecurityExpressionHandler<T>

java.lang.Object
  org.springframework.security.access.expression.AbstractSecurityExpressionHandler<T>

All Implemented Interfaces:: AopInfrastructureBean, ApplicationContextAware, SecurityExpressionHandler<T>

Direct Known Subclasses:: DefaultMethodSecurityExpressionHandler, DefaultWebSecurityExpressionHandler

public abstract class AbstractSecurityExpressionHandler<T>
extends Object
implements SecurityExpressionHandler<T>, ApplicationContextAware
extends Object
implements SecurityExpressionHandler<T>, ApplicationContextAware

Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.

Since:: 3.1

Constructor Summary
`AbstractSecurityExpressionHandler()`

Method Summary
`EvaluationContext`	`createEvaluationContext(Authentication authentication, T invocation)` Invokes the internal template methods to create `StandardEvaluationContext` and `SecurityExpressionRoot` objects.
`protected StandardEvaluationContext`	`createEvaluationContextInternal(Authentication authentication, T invocation)` Override to create a custom instance of `StandardEvaluationContext`.
`protected abstract SecurityExpressionOperations`	`createSecurityExpressionRoot(Authentication authentication, T invocation)` Implement in order to create a root object of the correct type for the supported invocation type.
`ExpressionParser`	`getExpressionParser()`
`protected PermissionEvaluator`	`getPermissionEvaluator()`
`protected RoleHierarchy`	`getRoleHierarchy()`
`void`	`setApplicationContext(ApplicationContext applicationContext)`
`void`	`setExpressionParser(ExpressionParser expressionParser)`
`void`	`setPermissionEvaluator(PermissionEvaluator permissionEvaluator)`
`void`	`setRoleHierarchy(RoleHierarchy roleHierarchy)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AbstractSecurityExpressionHandler

public AbstractSecurityExpressionHandler()

Method Detail

getExpressionParser

public final ExpressionParser getExpressionParser()

Specified by:: getExpressionParser in interface SecurityExpressionHandler<T>

Returns:: an expression parser for the expressions used by the implementation.

setExpressionParser

public final void setExpressionParser(ExpressionParser expressionParser)

createEvaluationContext

public final EvaluationContext createEvaluationContext(Authentication authentication,
                                                       T invocation)

Invokes the internal template methods to create StandardEvaluationContext and SecurityExpressionRoot objects.

Specified by:: createEvaluationContext in interface SecurityExpressionHandler<T>

Parameters:: authentication - the current authentication object; invocation - the invocation (filter, method, channel)
Returns:: the context object for use in evaluating the expression, populated with a suitable root object.

createEvaluationContextInternal

protected StandardEvaluationContext createEvaluationContextInternal(Authentication authentication,
                                                                    T invocation)

Override to create a custom instance of StandardEvaluationContext.

The returned object will have a SecurityExpressionRootPropertyAccessor added, allowing beans in the ApplicationContext to be accessed via expression properties.

Parameters:: authentication - the current authentication object; invocation - the invocation (filter, method, channel)
Returns:: A StandardEvaluationContext or potentially a custom subclass if overridden.

createSecurityExpressionRoot

protected abstract SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
                                                                             T invocation)

Implement in order to create a root object of the correct type for the supported invocation type.

Parameters:: authentication - the current authentication object; invocation - the invocation (filter, method, channel)
Returns:: the object wh

getRoleHierarchy

protected RoleHierarchy getRoleHierarchy()

setRoleHierarchy

public void setRoleHierarchy(RoleHierarchy roleHierarchy)

getPermissionEvaluator

protected PermissionEvaluator getPermissionEvaluator()

setPermissionEvaluator

public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)

setApplicationContext

public void setApplicationContext(ApplicationContext applicationContext)

Specified by:: setApplicationContext in interface ApplicationContextAware