public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation> implements MethodSecurityExpressionHandler
MethodSecurityExpressionHandler
.
A single instance should usually be shared amongst the beans that require expression support.
Modifier and Type | Field and Description |
---|---|
protected org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
DefaultMethodSecurityExpressionHandler() |
Modifier and Type | Method and Description |
---|---|
StandardEvaluationContext |
createEvaluationContextInternal(Authentication auth,
org.aopalliance.intercept.MethodInvocation mi)
Uses a
MethodSecurityEvaluationContext as the EvaluationContext
implementation. |
protected MethodSecurityExpressionOperations |
createSecurityExpressionRoot(Authentication authentication,
org.aopalliance.intercept.MethodInvocation invocation)
Creates the root object for expression evaluation.
|
Object |
filter(Object filterTarget,
Expression filterExpression,
EvaluationContext ctx)
Filters the
filterTarget object (which must be either a collection or an
array), by evaluating the supplied expression. |
protected String |
getDefaultRolePrefix() |
protected ParameterNameDiscoverer |
getParameterNameDiscoverer() |
protected AuthenticationTrustResolver |
getTrustResolver() |
void |
setDefaultRolePrefix(String defaultRolePrefix)
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...) or
SecurityExpressionRoot.hasRole(String) . |
void |
setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer)
Sets the
ParameterNameDiscoverer to use. |
void |
setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer) |
void |
setReturnObject(Object returnObject,
EvaluationContext ctx)
Used to inform the expression system of the return object for the given evaluation
context.
|
void |
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the
AuthenticationTrustResolver to be used. |
createEvaluationContext, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
createEvaluationContext, getExpressionParser
public DefaultMethodSecurityExpressionHandler()
public StandardEvaluationContext createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)
MethodSecurityEvaluationContext
as the EvaluationContext
implementation.createEvaluationContextInternal
in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
auth
- the current authentication objectmi
- the invocation (filter, method, channel)StandardEvaluationContext
or potentially a custom subclass if
overridden.protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)
createSecurityExpressionRoot
in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx)
filterTarget
object (which must be either a collection or an
array), by evaluating the supplied expression.
If a Collection
is used, the original instance will be modified to contain
the elements for which the permission expression evaluates to true
. For an
array, a new array instance will be returned.
filter
in interface MethodSecurityExpressionHandler
filterTarget
- the array or collection to be filtered.filterExpression
- the expression which should be used as the filter
condition. If it returns false on evaluation, the object will be removed from the
returned collectionctx
- the current evaluation context (as created through a call to
SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
AuthenticationTrustResolver
to be used. The default is
AuthenticationTrustResolverImpl
.trustResolver
- the AuthenticationTrustResolver
to use. Cannot be
null.protected AuthenticationTrustResolver getTrustResolver()
AuthenticationTrustResolver
public void setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer)
ParameterNameDiscoverer
to use. The default is
DefaultSecurityParameterNameDiscoverer
.parameterNameDiscoverer
- protected ParameterNameDiscoverer getParameterNameDiscoverer()
ParameterNameDiscoverer
public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
public void setReturnObject(Object returnObject, EvaluationContext ctx)
MethodSecurityExpressionHandler
setReturnObject
in interface MethodSecurityExpressionHandler
returnObject
- the return object valuectx
- the context within which the object should be set (as created through a
call to
SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)
public void setDefaultRolePrefix(String defaultRolePrefix)
Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...)
or
SecurityExpressionRoot.hasRole(String)
. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
"ROLE_" (default).
If null or empty, then no default role prefix is used.
defaultRolePrefix
- the default prefix to add to roles. Default "ROLE_".protected String getDefaultRolePrefix()