Class DefaultMethodSecurityExpressionHandler
- java.lang.Object
-
- org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
-
- org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean,org.springframework.beans.factory.Aware,org.springframework.context.ApplicationContextAware,MethodSecurityExpressionHandler,SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation> implements MethodSecurityExpressionHandler
The standard implementation ofMethodSecurityExpressionHandler.A single instance should usually be shared amongst the beans that require expression support.
- Since:
- 3.0
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Loglogger
-
Constructor Summary
Constructors Constructor Description DefaultMethodSecurityExpressionHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description org.springframework.expression.spel.support.StandardEvaluationContextcreateEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)Uses aMethodSecurityEvaluationContextas the EvaluationContext implementation.protected MethodSecurityExpressionOperationscreateSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)Creates the root object for expression evaluation.java.lang.Objectfilter(java.lang.Object filterTarget, org.springframework.expression.Expression filterExpression, org.springframework.expression.EvaluationContext ctx)Filters thefilterTargetobject (which must be either a collection, array, map or stream), by evaluating the supplied expression.protected java.lang.StringgetDefaultRolePrefix()protected org.springframework.core.ParameterNameDiscoverergetParameterNameDiscoverer()protected AuthenticationTrustResolvergetTrustResolver()voidsetDefaultRolePrefix(java.lang.String defaultRolePrefix)Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)orSecurityExpressionRoot.hasRole(String).voidsetParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)Sets theParameterNameDiscovererto use.voidsetPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)voidsetReturnObject(java.lang.Object returnObject, org.springframework.expression.EvaluationContext ctx)Used to inform the expression system of the return object for the given evaluation context.voidsetTrustResolver(AuthenticationTrustResolver trustResolver)Sets theAuthenticationTrustResolverto be used.-
Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
-
-
-
-
Method Detail
-
createEvaluationContextInternal
public org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)
Uses aMethodSecurityEvaluationContextas the EvaluationContext implementation.- Overrides:
createEvaluationContextInternalin classAbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>- Parameters:
auth- the current authentication objectmi- the invocation (filter, method, channel)- Returns:
- A
StandardEvaluationContextor potentially a custom subclass if overridden.
-
createSecurityExpressionRoot
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)
Creates the root object for expression evaluation.- Specified by:
createSecurityExpressionRootin classAbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>- Parameters:
authentication- the current authentication objectinvocation- the invocation (filter, method, channel)- Returns:
- the object
-
filter
public java.lang.Object filter(java.lang.Object filterTarget, org.springframework.expression.Expression filterExpression, org.springframework.expression.EvaluationContext ctx)Filters thefilterTargetobject (which must be either a collection, array, map or stream), by evaluating the supplied expression.If a
CollectionorMapis used, the original instance will be modified to contain the elements for which the permission expression evaluates totrue. For an array, a new array instance will be returned.- Specified by:
filterin interfaceMethodSecurityExpressionHandler- Parameters:
filterTarget- the array or collection to be filtered.filterExpression- the expression which should be used as the filter condition. If it returns false on evaluation, the object will be removed from the returned collectionctx- the current evaluation context (as created through a call toSecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)- Returns:
- the filtered collection or array
-
setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets theAuthenticationTrustResolverto be used. The default isAuthenticationTrustResolverImpl.- Parameters:
trustResolver- theAuthenticationTrustResolverto use. Cannot be null.
-
getTrustResolver
protected AuthenticationTrustResolver getTrustResolver()
- Returns:
- The current
AuthenticationTrustResolver
-
setParameterNameDiscoverer
public void setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)
Sets theParameterNameDiscovererto use. The default isDefaultSecurityParameterNameDiscoverer.- Parameters:
parameterNameDiscoverer-
-
getParameterNameDiscoverer
protected org.springframework.core.ParameterNameDiscoverer getParameterNameDiscoverer()
- Returns:
- The current
ParameterNameDiscoverer
-
setPermissionCacheOptimizer
public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
-
setReturnObject
public void setReturnObject(java.lang.Object returnObject, org.springframework.expression.EvaluationContext ctx)Description copied from interface:MethodSecurityExpressionHandlerUsed to inform the expression system of the return object for the given evaluation context. Only applies to method invocations.- Specified by:
setReturnObjectin interfaceMethodSecurityExpressionHandler- Parameters:
returnObject- the return object valuectx- the context within which the object should be set (as created through a call toSecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)
-
setDefaultRolePrefix
public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)orSecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).If null or empty, then no default role prefix is used.
- Parameters:
defaultRolePrefix- the default prefix to add to roles. Default "ROLE_".
-
getDefaultRolePrefix
protected java.lang.String getDefaultRolePrefix()
- Returns:
- The default role prefix
-
-