org.springframework.security.access.expression

Interface SecurityExpressionOperations

All Known Subinterfaces:

MethodSecurityExpressionOperations

All Known Implementing Classes:

MessageSecurityExpressionRoot, SecurityExpressionRoot, WebSecurityExpressionRoot

public interface SecurityExpressionOperations

Standard interface for expression root objects used with expression-based security.

Since:

3.1.1

Method Summary

Modifier and Type	Method and Description
boolean	denyAll() Always denies access
Authentication	getAuthentication() Gets the Authentication used for evaluating the expressions
boolean	hasAnyAuthority(String... authorities) Determines if the getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
boolean	hasAnyRole(String... roles) Determines if the getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
boolean	hasAuthority(String authority) Determines if the getAuthentication() has a particular authority within Authentication.getAuthorities().
boolean	hasPermission(Object target, Object permission) Determines if the getAuthentication() has permission to access the target given the permission
boolean	hasPermission(Object targetId, String targetType, Object permission) Determines if the getAuthentication() has permission to access the domain object with a given id, type, and permission.
boolean	hasRole(String role) Determines if the getAuthentication() has a particular authority within Authentication.getAuthorities().
boolean	isAnonymous() Determines if the getAuthentication() is anonymous
boolean	isAuthenticated() Determines ifthe getAuthentication() is authenticated
boolean	isFullyAuthenticated() Determines if the getAuthentication() authenticated without the use of remember me
boolean	isRememberMe() Determines if the getAuthentication() was authenticated using remember me
boolean	permitAll() Always grants access.

Method Detail

getAuthentication

Authentication getAuthentication()

Gets the Authentication used for evaluating the expressions

Returns:

the Authentication for evaluating the expressions

hasAuthority

boolean hasAuthority(String authority)

Determines if the getAuthentication() has a particular authority within Authentication.getAuthorities().

Parameters:

authority - the authority to test (i.e. "ROLE_USER")

Returns:

true if the authority is found, else false

hasAnyAuthority

boolean hasAnyAuthority(String... authorities)

Determines if the getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

Parameters:

authorities - the authorities to test (i.e. "ROLE_USER", "ROLE_ADMIN")

Returns:

true if any of the authorities is found, else false

hasRole

boolean hasRole(String role)

Determines if the getAuthentication() has a particular authority within Authentication.getAuthorities().

This is similar to hasAuthority(String) except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.

Parameters:

role - the authority to test (i.e. "USER")

Returns:

true if the authority is found, else false

hasAnyRole

boolean hasAnyRole(String... roles)

Determines if the getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

This is a similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.

Parameters:

roles - the authorities to test (i.e. "USER", "ADMIN")

Returns:

true if any of the authorities is found, else false

permitAll

boolean permitAll()

Always grants access.

Returns:

true

denyAll

boolean denyAll()

Always denies access

Returns:

false

isAnonymous

boolean isAnonymous()

Determines if the getAuthentication() is anonymous

Returns:

true if the user is anonymous, else false

isAuthenticated

boolean isAuthenticated()

Determines ifthe getAuthentication() is authenticated

Returns:

true if the getAuthentication() is authenticated, else false

isRememberMe

boolean isRememberMe()

Determines if the getAuthentication() was authenticated using remember me

Returns:

true if the getAuthentication() authenticated using remember me, else false

isFullyAuthenticated

boolean isFullyAuthenticated()

Determines if the getAuthentication() authenticated without the use of remember me

Returns:

true if the getAuthentication() authenticated without the use of remember me, else false

hasPermission

boolean hasPermission(Object target,
                      Object permission)

Determines if the getAuthentication() has permission to access the target given the permission

Parameters:

target - the target domain object to check permission on

permission - the permission to check on the domain object (i.e. "read", "write", etc).

Returns:

true if permission is granted to the getAuthentication(), else false

hasPermission

boolean hasPermission(Object targetId,
                      String targetType,
                      Object permission)

Determines if the getAuthentication() has permission to access the domain object with a given id, type, and permission.

Parameters:

targetId - the identifier of the domain object to determine access

targetType - the type (i.e. com.example.domain.Message)

permission - the perission to check on the domain object (i.e. "read", "write", etc)

Returns:

true if permission is granted to the getAuthentication(), else false