public class DefaultWebInvocationPrivilegeEvaluator extends Object implements WebInvocationPrivilegeEvaluator
Modifier and Type | Field and Description |
---|---|
protected static org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor) |
Modifier and Type | Method and Description |
---|---|
boolean |
isAllowed(String uri,
Authentication authentication)
Determines whether the user represented by the supplied Authentication
object is allowed to invoke the supplied URI.
|
boolean |
isAllowed(String contextPath,
String uri,
String method,
Authentication authentication)
Determines whether the user represented by the supplied Authentication
object is allowed to invoke the supplied URI, with the given .
|
public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)
public boolean isAllowed(String uri, Authentication authentication)
isAllowed
in interface WebInvocationPrivilegeEvaluator
uri
- the URI excluding the context path (a default context path setting will
be used)public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication)
Note the default implementation of FilterInvocationSecurityMetadataSource
disregards the contextPath
when evaluating which secure object
metadata applies to a given request URI, so generally the contextPath
is unimportant unless you are using a custom
FilterInvocationSecurityMetadataSource
.
isAllowed
in interface WebInvocationPrivilegeEvaluator
uri
- the URI excluding the context pathcontextPath
- the context path (may be null, in which case a default value
will be used).method
- the HTTP method (or null, for any method)authentication
- the Authentication instance whose authorities should
be used in evaluation whether access should be granted.