org.springframework.security.access
Interface PermissionEvaluator

All Superinterfaces:
AopInfrastructureBean
All Known Implementing Classes:
AclPermissionEvaluator, DenyAllPermissionEvaluator

public interface PermissionEvaluator
extends AopInfrastructureBean

Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object.

Since:
3.0

Method Summary
 boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission)
           
 boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission)
          Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
 

Method Detail

hasPermission

boolean hasPermission(Authentication authentication,
                      Object targetDomainObject,
                      Object permission)
Parameters:
authentication - represents the user in question. Should not be null.
targetDomainObject - the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.
permission - a representation of the permission object as supplied by the expression system. Not null.
Returns:
true if the permission is granted, false otherwise

hasPermission

boolean hasPermission(Authentication authentication,
                      Serializable targetId,
                      String targetType,
                      Object permission)
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.

Parameters:
authentication - represents the user in question. Should not be null.
targetId - the identifier for the object instance (usually a Long)
targetType - a String representing the target's type (usually a Java classname). Not null.
permission - a representation of the permission object as supplied by the expression system. Not null.
Returns:
true if the permission is granted, false otherwise