Class DefaultWebInvocationPrivilegeEvaluator
- java.lang.Object
-
- org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
- All Implemented Interfaces:
WebInvocationPrivilegeEvaluator
public class DefaultWebInvocationPrivilegeEvaluator extends java.lang.Object implements WebInvocationPrivilegeEvaluator
Allows users to determine whether they have privileges for a given web URI.- Since:
- 3.0
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.apache.commons.logging.Log
logger
-
Constructor Summary
Constructors Constructor Description DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
isAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .boolean
isAllowed(java.lang.String uri, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
-
-
-
Constructor Detail
-
DefaultWebInvocationPrivilegeEvaluator
public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)
-
-
Method Detail
-
isAllowed
public boolean isAllowed(java.lang.String uri, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.- Specified by:
isAllowed
in interfaceWebInvocationPrivilegeEvaluator
- Parameters:
uri
- the URI excluding the context path (a default context path setting will be used)
-
isAllowed
public boolean isAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .Note the default implementation of FilterInvocationSecurityMetadataSource disregards the
contextPath
when evaluating which secure object metadata applies to a given request URI, so generally thecontextPath
is unimportant unless you are using a customFilterInvocationSecurityMetadataSource
.- Specified by:
isAllowed
in interfaceWebInvocationPrivilegeEvaluator
- Parameters:
uri
- the URI excluding the context pathcontextPath
- the context path (may be null, in which case a default value will be used).method
- the HTTP method (or null, for any method)authentication
- the Authentication instance whose authorities should be used in evaluation whether access should be granted.- Returns:
- true if access is allowed, false if denied
-
-