public abstract class SecurityExpressionRoot extends Object implements SecurityExpressionOperations
Modifier and Type | Field and Description |
---|---|
String |
admin |
protected Authentication |
authentication |
String |
create |
String |
delete |
boolean |
denyAll
Allows "denyAll" expression
|
boolean |
permitAll
Allows "permitAll" expression
|
String |
read |
String |
write |
Constructor and Description |
---|
SecurityExpressionRoot(Authentication authentication)
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
boolean |
denyAll()
Always denies access
|
Authentication |
getAuthentication()
Gets the
Authentication used for evaluating the expressions |
Object |
getPrincipal()
Convenience method to access
Authentication.getPrincipal() from
getAuthentication() |
boolean |
hasAnyAuthority(String... authorities)
Determines if the
SecurityExpressionOperations.getAuthentication() has any of the specified authorities
within Authentication.getAuthorities() . |
boolean |
hasAnyRole(String... roles)
Determines if the
SecurityExpressionOperations.getAuthentication() has any of the specified authorities
within Authentication.getAuthorities() . |
boolean |
hasAuthority(String authority)
Determines if the
SecurityExpressionOperations.getAuthentication() has a particular authority within
Authentication.getAuthorities() . |
boolean |
hasPermission(Object target,
Object permission)
Determines if the
SecurityExpressionOperations.getAuthentication() has permission to access the target
given the permission |
boolean |
hasPermission(Object targetId,
String targetType,
Object permission)
Determines if the
SecurityExpressionOperations.getAuthentication() has permission to access the domain
object with a given id, type, and permission. |
boolean |
hasRole(String role)
Determines if the
SecurityExpressionOperations.getAuthentication() has a particular authority within
Authentication.getAuthorities() . |
boolean |
isAnonymous()
Determines if the
SecurityExpressionOperations.getAuthentication() is anonymous |
boolean |
isAuthenticated()
Determines ifthe
SecurityExpressionOperations.getAuthentication() is authenticated |
boolean |
isFullyAuthenticated()
Determines if the
SecurityExpressionOperations.getAuthentication() authenticated without the use of
remember me |
boolean |
isRememberMe()
Determines if the
SecurityExpressionOperations.getAuthentication() was authenticated using remember me |
boolean |
permitAll()
Always grants access.
|
void |
setDefaultRolePrefix(String defaultRolePrefix)
Sets the default prefix to be added to
hasAnyRole(String...) or
hasRole(String) . |
void |
setPermissionEvaluator(PermissionEvaluator permissionEvaluator) |
void |
setRoleHierarchy(RoleHierarchy roleHierarchy) |
void |
setTrustResolver(AuthenticationTrustResolver trustResolver) |
protected final Authentication authentication
public final boolean permitAll
public final boolean denyAll
public final String read
public final String write
public final String create
public final String delete
public final String admin
public SecurityExpressionRoot(Authentication authentication)
authentication
- the Authentication
to use. Cannot be null.public final boolean hasAuthority(String authority)
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
has a particular authority within
Authentication.getAuthorities()
.hasAuthority
in interface SecurityExpressionOperations
authority
- the authority to test (i.e. "ROLE_USER")public final boolean hasAnyAuthority(String... authorities)
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
has any of the specified authorities
within Authentication.getAuthorities()
.hasAnyAuthority
in interface SecurityExpressionOperations
authorities
- the authorities to test (i.e. "ROLE_USER", "ROLE_ADMIN")public final boolean hasRole(String role)
SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication()
has a particular authority within
Authentication.getAuthorities()
.
This is similar to SecurityExpressionOperations.hasAuthority(String)
except that this method implies
that the String passed in is a role. For example, if "USER" is passed in the
implementation may convert it to use "ROLE_USER" instead. The way in which the role
is converted may depend on the implementation settings.
hasRole
in interface SecurityExpressionOperations
role
- the authority to test (i.e. "USER")public final boolean hasAnyRole(String... roles)
SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication()
has any of the specified authorities
within Authentication.getAuthorities()
.
This is a similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
hasAnyRole
in interface SecurityExpressionOperations
roles
- the authorities to test (i.e. "USER", "ADMIN")public final Authentication getAuthentication()
SecurityExpressionOperations
Authentication
used for evaluating the expressionsgetAuthentication
in interface SecurityExpressionOperations
Authentication
for evaluating the expressionspublic final boolean permitAll()
SecurityExpressionOperations
permitAll
in interface SecurityExpressionOperations
public final boolean denyAll()
SecurityExpressionOperations
denyAll
in interface SecurityExpressionOperations
public final boolean isAnonymous()
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
is anonymousisAnonymous
in interface SecurityExpressionOperations
public final boolean isAuthenticated()
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
is authenticatedisAuthenticated
in interface SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
is authenticated, else falsepublic final boolean isRememberMe()
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
was authenticated using remember meisRememberMe
in interface SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
authenticated using remember me,
else falsepublic final boolean isFullyAuthenticated()
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
authenticated without the use of
remember meisFullyAuthenticated
in interface SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
authenticated without the use of
remember me, else falsepublic Object getPrincipal()
Authentication.getPrincipal()
from
getAuthentication()
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
public void setRoleHierarchy(RoleHierarchy roleHierarchy)
public void setDefaultRolePrefix(String defaultRolePrefix)
Sets the default prefix to be added to hasAnyRole(String...)
or
hasRole(String)
. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
"ROLE_" (default).
If null or empty, then no default role prefix is used.
defaultRolePrefix
- the default prefix to add to roles. Default "ROLE_".public boolean hasPermission(Object target, Object permission)
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
has permission to access the target
given the permissionhasPermission
in interface SecurityExpressionOperations
target
- the target domain object to check permission onpermission
- the permission to check on the domain object (i.e. "read",
"write", etc).SecurityExpressionOperations.getAuthentication()
, else
falsepublic boolean hasPermission(Object targetId, String targetType, Object permission)
SecurityExpressionOperations
SecurityExpressionOperations.getAuthentication()
has permission to access the domain
object with a given id, type, and permission.hasPermission
in interface SecurityExpressionOperations
targetId
- the identifier of the domain object to determine accesstargetType
- the type (i.e. com.example.domain.Message)permission
- the perission to check on the domain object (i.e. "read",
"write", etc)SecurityExpressionOperations.getAuthentication()
, else
falsepublic void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)