public interface WebInvocationPrivilegeEvaluator
| Modifier and Type | Method and Description | 
|---|---|
| boolean | isAllowed(java.lang.String uri,
         Authentication authentication)Determines whether the user represented by the supplied Authentication
 object is allowed to invoke the supplied URI. | 
| boolean | isAllowed(java.lang.String contextPath,
         java.lang.String uri,
         java.lang.String method,
         Authentication authentication)Determines whether the user represented by the supplied Authentication
 object is allowed to invoke the supplied URI, with the given . | 
boolean isAllowed(java.lang.String uri,
                  Authentication authentication)
uri - the URI excluding the context path (a default context path setting will
 be used)boolean isAllowed(java.lang.String contextPath,
                  java.lang.String uri,
                  java.lang.String method,
                  Authentication authentication)
 Note the default implementation of FilterInvocationSecurityMetadataSource
 disregards the contextPath when evaluating which secure object
 metadata applies to a given request URI, so generally the contextPath
 is unimportant unless you are using a custom
 FilterInvocationSecurityMetadataSource.
uri - the URI excluding the context pathcontextPath - the context path (may be null).method - the HTTP method (or null, for any method)authentication - the Authentication instance whose authorities should
 be used in evaluation whether access should be granted.