public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation> implements MethodSecurityExpressionHandler
MethodSecurityExpressionHandler
.
A single instance should usually be shared amongst the beans that require expression support.
Modifier and Type | Field and Description |
---|---|
protected org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
DefaultMethodSecurityExpressionHandler() |
Modifier and Type | Method and Description |
---|---|
org.springframework.expression.spel.support.StandardEvaluationContext |
createEvaluationContextInternal(Authentication auth,
org.aopalliance.intercept.MethodInvocation mi)
Uses a
MethodSecurityEvaluationContext as the EvaluationContext
implementation. |
protected MethodSecurityExpressionOperations |
createSecurityExpressionRoot(Authentication authentication,
org.aopalliance.intercept.MethodInvocation invocation)
Creates the root object for expression evaluation.
|
java.lang.Object |
filter(java.lang.Object filterTarget,
org.springframework.expression.Expression filterExpression,
org.springframework.expression.EvaluationContext ctx)
Filters the
filterTarget object (which must be either a collection, array,
map or stream), by evaluating the supplied expression. |
protected java.lang.String |
getDefaultRolePrefix() |
protected org.springframework.core.ParameterNameDiscoverer |
getParameterNameDiscoverer() |
protected AuthenticationTrustResolver |
getTrustResolver() |
void |
setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
or
SecurityExpressionRoot.hasRole(String) . |
void |
setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)
Sets the
ParameterNameDiscoverer to use. |
void |
setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer) |
void |
setReturnObject(java.lang.Object returnObject,
org.springframework.expression.EvaluationContext ctx)
Used to inform the expression system of the return object for the given evaluation
context.
|
void |
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the
AuthenticationTrustResolver to be used. |
createEvaluationContext, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
createEvaluationContext, getExpressionParser
public DefaultMethodSecurityExpressionHandler()
public org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)
MethodSecurityEvaluationContext
as the EvaluationContext
implementation.createEvaluationContextInternal
in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
auth
- the current authentication objectmi
- the invocation (filter, method, channel)StandardEvaluationContext
or potentially a custom subclass if
overridden.protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)
createSecurityExpressionRoot
in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)public java.lang.Object filter(java.lang.Object filterTarget, org.springframework.expression.Expression filterExpression, org.springframework.expression.EvaluationContext ctx)
filterTarget
object (which must be either a collection, array,
map or stream), by evaluating the supplied expression.
If a Collection
or Map
is used, the original instance will be
modified to contain the elements for which the permission expression evaluates to
true
. For an array, a new array instance will be returned.
filter
in interface MethodSecurityExpressionHandler
filterTarget
- the array or collection to be filtered.filterExpression
- the expression which should be used as the filter
condition. If it returns false on evaluation, the object will be removed from the
returned collectionctx
- the current evaluation context (as created through a call to
SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
AuthenticationTrustResolver
to be used. The default is
AuthenticationTrustResolverImpl
.trustResolver
- the AuthenticationTrustResolver
to use. Cannot be
null.protected AuthenticationTrustResolver getTrustResolver()
AuthenticationTrustResolver
public void setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)
ParameterNameDiscoverer
to use. The default is
DefaultSecurityParameterNameDiscoverer
.parameterNameDiscoverer
- protected org.springframework.core.ParameterNameDiscoverer getParameterNameDiscoverer()
ParameterNameDiscoverer
public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
public void setReturnObject(java.lang.Object returnObject, org.springframework.expression.EvaluationContext ctx)
MethodSecurityExpressionHandler
setReturnObject
in interface MethodSecurityExpressionHandler
returnObject
- the return object valuectx
- the context within which the object should be set (as created through a
call to
SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)
public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
or
SecurityExpressionRoot.hasRole(String)
.
For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the
role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
If null or empty, then no default role prefix is used.
defaultRolePrefix
- the default prefix to add to roles. Default "ROLE_".protected java.lang.String getDefaultRolePrefix()