org.springframework.security.access
Interface PermissionEvaluator
- All Superinterfaces:
- AopInfrastructureBean
- All Known Implementing Classes:
- AclPermissionEvaluator, DenyAllPermissionEvaluator
public interface PermissionEvaluator
- extends AopInfrastructureBean
Strategy used in expression evaluation to determine whether a user has a permission or permissions
for a given domain object.
- Since:
- 3.0
hasPermission
boolean hasPermission(Authentication authentication,
Object targetDomainObject,
Object permission)
- Parameters:
authentication - represents the user in question. Should not be null.targetDomainObject - the domain object for which permissions should be checked. May be null
in which case implementations should return false, as the null condition can be checked explicitly
in the expression.permission - a representation of the permission object as supplied by the expression system. Not null.
- Returns:
- true if the permission is granted, false otherwise
hasPermission
boolean hasPermission(Authentication authentication,
Serializable targetId,
String targetType,
Object permission)
- Alternative method for evaluating a permission where only the identifier of the target object
is available, rather than the target instance itself.
- Parameters:
authentication - represents the user in question. Should not be null.targetId - the identifier for the object instance (usually a Long)targetType - a String representing the target's type (usually a Java classname). Not null.permission - a representation of the permission object as supplied by the expression system. Not null.
- Returns:
- true if the permission is granted, false otherwise