public interface WebInvocationPrivilegeEvaluator
Modifier and Type | Method and Description |
---|---|
boolean |
isAllowed(String uri,
Authentication authentication)
Determines whether the user represented by the supplied Authentication
object is allowed to invoke the supplied URI.
|
boolean |
isAllowed(String contextPath,
String uri,
String method,
Authentication authentication)
Determines whether the user represented by the supplied Authentication
object is allowed to invoke the supplied URI, with the given .
|
boolean isAllowed(String uri, Authentication authentication)
uri
- the URI excluding the context path (a default context path setting will
be used)boolean isAllowed(String contextPath, String uri, String method, Authentication authentication)
Note the default implementation of FilterInvocationSecurityMetadataSource
disregards the contextPath
when evaluating which secure object
metadata applies to a given request URI, so generally the contextPath
is unimportant unless you are using a custom
FilterInvocationSecurityMetadataSource
.
uri
- the URI excluding the context pathcontextPath
- the context path (may be null).method
- the HTTP method (or null, for any method)authentication
- the Authentication instance whose authorities should
be used in evaluation whether access should be granted.