public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation> implements MethodSecurityExpressionHandler
MethodSecurityExpressionHandler
.
A single instance should usually be shared amongst the beans that require expression support.
Modifier and Type | Field and Description |
---|---|
protected org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
DefaultMethodSecurityExpressionHandler() |
Modifier and Type | Method and Description |
---|---|
StandardEvaluationContext |
createEvaluationContextInternal(Authentication auth,
org.aopalliance.intercept.MethodInvocation mi)
Uses a
MethodSecurityEvaluationContext as the EvaluationContext implementation. |
protected MethodSecurityExpressionOperations |
createSecurityExpressionRoot(Authentication authentication,
org.aopalliance.intercept.MethodInvocation invocation)
Creates the root object for expression evaluation.
|
Object |
filter(Object filterTarget,
Expression filterExpression,
EvaluationContext ctx)
Filters the
filterTarget object (which must be either a collection or an array), by evaluating the
supplied expression. |
void |
setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer) |
void |
setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer) |
void |
setReturnObject(Object returnObject,
EvaluationContext ctx)
Used to inform the expression system of the return object for the given evaluation context.
|
createEvaluationContext, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
createEvaluationContext, getExpressionParser
public DefaultMethodSecurityExpressionHandler()
public StandardEvaluationContext createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)
MethodSecurityEvaluationContext
as the EvaluationContext implementation.createEvaluationContextInternal
in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
auth
- the current authentication objectmi
- the invocation (filter, method, channel)StandardEvaluationContext
or potentially a custom subclass if overridden.protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)
createSecurityExpressionRoot
in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx)
filterTarget
object (which must be either a collection or an array), by evaluating the
supplied expression.
If a Collection
is used, the original instance will be modified to contain the elements for which
the permission expression evaluates to true
. For an array, a new array instance will be returned.
filter
in interface MethodSecurityExpressionHandler
filterTarget
- the array or collection to be filtered.filterExpression
- the expression which should be used as the filter condition. If it returns false on
evaluation, the object will be removed from the returned collectionctx
- the current evaluation context (as created through a call to
SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)
public void setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer)
public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
public void setReturnObject(Object returnObject, EvaluationContext ctx)
MethodSecurityExpressionHandler
setReturnObject
in interface MethodSecurityExpressionHandler
returnObject
- the return object valuectx
- the context within which the object should be set (as created through a call to
SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)