Package org.springframework.security.web.access

Class DefaultWebInvocationPrivilegeEvaluator

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static org.apache.commons.logging.Log logger  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isAllowed​(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
      boolean isAllowed​(java.lang.String uri, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        protected static final org.apache.commons.logging.Log logger

    • Constructor Detail

      • DefaultWebInvocationPrivilegeEvaluator

        public DefaultWebInvocationPrivilegeEvaluator​(AbstractSecurityInterceptor securityInterceptor)

    • Method Detail

      • isAllowed

        public boolean isAllowed​(java.lang.String uri,
                         Authentication authentication)
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        uri - the URI excluding the context path (a default context path setting will be used)

      • isAllowed

        public boolean isAllowed​(java.lang.String contextPath,
                         java.lang.String uri,
                         java.lang.String method,
                         Authentication authentication)
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

        Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        uri - the URI excluding the context path
        contextPath - the context path (may be null, in which case a default value will be used).
        method - the HTTP method (or null, for any method)
        authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
        Returns:
        true if access is allowed, false if denied