public class DefaultWebInvocationPrivilegeEvaluator extends Object implements WebInvocationPrivilegeEvaluator
| Modifier and Type | Field and Description | 
|---|---|
| protected static org.apache.commons.logging.Log | logger | 
| Constructor and Description | 
|---|
| DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor) | 
| Modifier and Type | Method and Description | 
|---|---|
| boolean | isAllowed(String uri,
         Authentication authentication)Determines whether the user represented by the supplied Authentication
 object is allowed to invoke the supplied URI. | 
| boolean | isAllowed(String contextPath,
         String uri,
         String method,
         Authentication authentication)Determines whether the user represented by the supplied Authentication
 object is allowed to invoke the supplied URI, with the given . | 
public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)
public boolean isAllowed(String uri, Authentication authentication)
isAllowed in interface WebInvocationPrivilegeEvaluatoruri - the URI excluding the context path (a default context path setting will
 be used)public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication)
 Note the default implementation of FilterInvocationSecurityMetadataSource
 disregards the contextPath when evaluating which secure object
 metadata applies to a given request URI, so generally the contextPath
 is unimportant unless you are using a custom
 FilterInvocationSecurityMetadataSource.
isAllowed in interface WebInvocationPrivilegeEvaluatoruri - the URI excluding the context pathcontextPath - the context path (may be null, in which case a default value
 will be used).method - the HTTP method (or null, for any method)authentication - the Authentication instance whose authorities should
 be used in evaluation whether access should be granted.