Package org.springframework.security.access

Interface PermissionEvaluator

  • All Superinterfaces:
    org.springframework.aop.framework.AopInfrastructureBean
    All Known Implementing Classes:
    AclPermissionEvaluator, DenyAllPermissionEvaluator
    public interface PermissionEvaluator
extends org.springframework.aop.framework.AopInfrastructureBean
    Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object.
    Since:
    3.0

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean hasPermission​(Authentication authentication, java.io.Serializable targetId, java.lang.String targetType, java.lang.Object permission)
      Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
      boolean hasPermission​(Authentication authentication, java.lang.Object targetDomainObject, java.lang.Object permission)  

    • Method Detail

      • hasPermission

        boolean hasPermission​(Authentication authentication,
                      java.lang.Object targetDomainObject,
                      java.lang.Object permission)
        Parameters:
        authentication - represents the user in question. Should not be null.
        targetDomainObject - the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.
        permission - a representation of the permission object as supplied by the expression system. Not null.
        Returns:
        true if the permission is granted, false otherwise

      • hasPermission

        boolean hasPermission​(Authentication authentication,
                      java.io.Serializable targetId,
                      java.lang.String targetType,
                      java.lang.Object permission)
        Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
        Parameters:
        authentication - represents the user in question. Should not be null.
        targetId - the identifier for the object instance (usually a Long)
        targetType - a String representing the target's type (usually a Java classname). Not null.
        permission - a representation of the permission object as supplied by the expression system. Not null.
        Returns:
        true if the permission is granted, false otherwise