org.springframework.security.access.expression.method

Class DefaultMethodSecurityExpressionHandler

java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

All Implemented Interfaces:

AopInfrastructureBean, Aware, ApplicationContextAware, MethodSecurityExpressionHandler, SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

public class DefaultMethodSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
implements MethodSecurityExpressionHandler

The standard implementation of MethodSecurityExpressionHandler.

A single instance should usually be shared amongst the beans that require expression support.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.commons.logging.Log	logger

Constructor Summary

Constructors

Constructor and Description
DefaultMethodSecurityExpressionHandler()

Method Summary

Methods

Modifier and Type	Method and Description
StandardEvaluationContext	createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi) Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
protected MethodSecurityExpressionOperations	createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation) Creates the root object for expression evaluation.
Object	filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) Filters the filterTarget object (which must be either a collection or an array), by evaluating the supplied expression.
void	setDefaultRolePrefix(String defaultRolePrefix) Sets the default prefix to be added to #hasAnyRole(String...) or #hasRole(String).
void	setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer) Sets the ParameterNameDiscoverer to use.
void	setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
void	setReturnObject(Object returnObject, EvaluationContext ctx) Used to inform the expression system of the return object for the given evaluation context.
void	setTrustResolver(AuthenticationTrustResolver trustResolver) Sets the AuthenticationTrustResolver to be used.

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

createEvaluationContext, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

createEvaluationContext, getExpressionParser

Field Detail

logger

protected final org.apache.commons.logging.Log logger

Constructor Detail

DefaultMethodSecurityExpressionHandler

public DefaultMethodSecurityExpressionHandler()

Method Detail

createEvaluationContextInternal

public StandardEvaluationContext createEvaluationContextInternal(Authentication auth,
                                                        org.aopalliance.intercept.MethodInvocation mi)

Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.

Overrides:

createEvaluationContextInternal in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

Parameters:

auth - the current authentication object

mi - the invocation (filter, method, channel)

Returns:

A StandardEvaluationContext or potentially a custom subclass if overridden.

createSecurityExpressionRoot

protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
                                                              org.aopalliance.intercept.MethodInvocation invocation)

Creates the root object for expression evaluation.

Specified by:

createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

Parameters:

authentication - the current authentication object

invocation - the invocation (filter, method, channel)

Returns:

the object wh

filter

public Object filter(Object filterTarget,
            Expression filterExpression,
            EvaluationContext ctx)

Filters the filterTarget object (which must be either a collection or an array), by evaluating the supplied expression.

If a Collection is used, the original instance will be modified to contain the elements for which the permission expression evaluates to true. For an array, a new array instance will be returned.

Specified by:

filter in interface MethodSecurityExpressionHandler

Parameters:

filterTarget - the array or collection to be filtered.

filterExpression - the expression which should be used as the filter condition. If it returns false on evaluation, the object will be removed from the returned collection

ctx - the current evaluation context (as created through a call to SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)

Returns:

the filtered collection or array

setTrustResolver

public void setTrustResolver(AuthenticationTrustResolver trustResolver)

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters:

trustResolver - the AuthenticationTrustResolver to use. Cannot be null.

setParameterNameDiscoverer

public void setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer)

Sets the ParameterNameDiscoverer to use. The default is DefaultSecurityParameterNameDiscoverer.

Parameters:

parameterNameDiscoverer -

setPermissionCacheOptimizer

public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)

setReturnObject

public void setReturnObject(Object returnObject,
                   EvaluationContext ctx)

Description copied from interface: MethodSecurityExpressionHandler

Used to inform the expression system of the return object for the given evaluation context. Only applies to method invocations.

Specified by:

setReturnObject in interface MethodSecurityExpressionHandler

Parameters:

returnObject - the return object value

ctx - the context within which the object should be set (as created through a call to SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)

setDefaultRolePrefix

public void setDefaultRolePrefix(String defaultRolePrefix)

Sets the default prefix to be added to #hasAnyRole(String...) or #hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

If null or empty, then no default role prefix is used.

Parameters:

defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".