org.springframework.security.access.expression

Class SecurityExpressionRoot

java.lang.Object

org.springframework.security.access.expression.SecurityExpressionRoot

All Implemented Interfaces:

SecurityExpressionOperations

Direct Known Subclasses:

MessageSecurityExpressionRoot, WebSecurityExpressionRoot

public abstract class SecurityExpressionRoot
extends Object
implements SecurityExpressionOperations

Base root object for use in Spring Security expression evaluations.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field and Description
String	admin
protected Authentication	authentication
String	create
String	delete
boolean	denyAll Allows "denyAll" expression
boolean	permitAll Allows "permitAll" expression
String	read
String	write

Constructor Summary

Constructors

Constructor and Description
SecurityExpressionRoot(Authentication authentication) Creates a new instance

Method Summary

Methods

Modifier and Type	Method and Description
boolean	denyAll() Always denies access
Authentication	getAuthentication() Gets the Authentication used for evaluating the expressions
Object	getPrincipal() Convenience method to access Authentication.getPrincipal() from getAuthentication()
boolean	hasAnyAuthority(String... authorities) Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
boolean	hasAnyRole(String... roles) Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
boolean	hasAuthority(String authority) Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
boolean	hasPermission(Object target, Object permission) Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
boolean	hasPermission(Object targetId, String targetType, Object permission) Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
boolean	hasRole(String role) Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
boolean	isAnonymous() Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
boolean	isAuthenticated() Determines ifthe SecurityExpressionOperations.getAuthentication() is authenticated
boolean	isFullyAuthenticated() Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me
boolean	isRememberMe() Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
boolean	permitAll() Always grants access.
void	setDefaultRolePrefix(String defaultRolePrefix) Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String).
void	setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
void	setRoleHierarchy(RoleHierarchy roleHierarchy)
void	setTrustResolver(AuthenticationTrustResolver trustResolver)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

authentication

protected final Authentication authentication

permitAll

public final boolean permitAll

Allows "permitAll" expression

See Also:

Constant Field Values

denyAll

public final boolean denyAll

Allows "denyAll" expression

See Also:

Constant Field Values

read

public final String read

See Also:

Constant Field Values

write

public final String write

See Also:

Constant Field Values

create

public final String create

See Also:

Constant Field Values

delete

public final String delete

See Also:

Constant Field Values

admin

public final String admin

See Also:

Constant Field Values

Constructor Detail

SecurityExpressionRoot

public SecurityExpressionRoot(Authentication authentication)

Creates a new instance

Parameters:

authentication - the Authentication to use. Cannot be null.

Method Detail

hasAuthority

public final boolean hasAuthority(String authority)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities(). This is a synonym for SecurityExpressionOperations.hasAuthority(String).

Specified by:

hasAuthority in interface SecurityExpressionOperations

Parameters:

authority - the authority to test (i.e. "ROLE_USER")

Returns:

true if the authority is found, else false

hasAnyAuthority

public final boolean hasAnyAuthority(String... authorities)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities(). This is a synonym for SecurityExpressionOperations.hasAnyRole(String...).

Specified by:

hasAnyAuthority in interface SecurityExpressionOperations

Parameters:

authorities - the authorities to test (i.e. "ROLE_USER", "ROLE_ADMIN")

Returns:

true if any of the authorities is found, else false

hasRole

public final boolean hasRole(String role)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities(). This is a synonym for SecurityExpressionOperations.hasAuthority(String).

Specified by:

hasRole in interface SecurityExpressionOperations

Returns:

true if the authority is found, else false

hasAnyRole

public final boolean hasAnyRole(String... roles)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities(). This is a synonym for SecurityExpressionOperations.hasAnyAuthority(String...).

Specified by:

hasAnyRole in interface SecurityExpressionOperations

Returns:

true if any of the authorities is found, else false

getAuthentication

public final Authentication getAuthentication()

Description copied from interface: SecurityExpressionOperations

Gets the Authentication used for evaluating the expressions

Specified by:

getAuthentication in interface SecurityExpressionOperations

Returns:

the Authentication for evaluating the expressions

permitAll

public final boolean permitAll()

Description copied from interface: SecurityExpressionOperations

Always grants access.

Specified by:

permitAll in interface SecurityExpressionOperations

Returns:

true

denyAll

public final boolean denyAll()

Description copied from interface: SecurityExpressionOperations

Always denies access

Specified by:

denyAll in interface SecurityExpressionOperations

Returns:

false

isAnonymous

public final boolean isAnonymous()

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() is anonymous

Specified by:

isAnonymous in interface SecurityExpressionOperations

Returns:

true if the user is anonymous, else false

isAuthenticated

public final boolean isAuthenticated()

Description copied from interface: SecurityExpressionOperations

Determines ifthe SecurityExpressionOperations.getAuthentication() is authenticated

Specified by:

isAuthenticated in interface SecurityExpressionOperations

Returns:

true if the SecurityExpressionOperations.getAuthentication() is authenticated, else false

isRememberMe

public final boolean isRememberMe()

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me

Specified by:

isRememberMe in interface SecurityExpressionOperations

Returns:

true if the SecurityExpressionOperations.getAuthentication() authenticated using remember me, else false

isFullyAuthenticated

public final boolean isFullyAuthenticated()

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me

Specified by:

isFullyAuthenticated in interface SecurityExpressionOperations

Returns:

true if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me, else false

getPrincipal

public Object getPrincipal()

Convenience method to access Authentication.getPrincipal() from getAuthentication()

Returns:

setTrustResolver

public void setTrustResolver(AuthenticationTrustResolver trustResolver)

setRoleHierarchy

public void setRoleHierarchy(RoleHierarchy roleHierarchy)

setDefaultRolePrefix

public void setDefaultRolePrefix(String defaultRolePrefix)

Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

If null or empty, then no default role prefix is used.

Parameters:

defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".

hasPermission

public boolean hasPermission(Object target,
                    Object permission)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission

Specified by:

hasPermission in interface SecurityExpressionOperations

Parameters:

target - the target domain object to check permission on

permission - the permission to check on the domain object (i.e. "read", "write", etc).

Returns:

true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false

hasPermission

public boolean hasPermission(Object targetId,
                    String targetType,
                    Object permission)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.

Specified by:

hasPermission in interface SecurityExpressionOperations

Parameters:

targetId - the identifier of the domain object to determine access

targetType - the type (i.e. com.example.domain.Message)

permission - the perission to check on the domain object (i.e. "read", "write", etc)

Returns:

true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false

setPermissionEvaluator

public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)