Interface WebInvocationPrivilegeEvaluator
-
- All Known Implementing Classes:
DefaultWebInvocationPrivilegeEvaluator
public interface WebInvocationPrivilegeEvaluatorAllows users to determine whether they have privileges for a given web URI.- Since:
- 3.0
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description booleanisAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .booleanisAllowed(java.lang.String uri, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
-
-
-
Method Detail
-
isAllowed
boolean isAllowed(java.lang.String uri, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.- Parameters:
uri- the URI excluding the context path (a default context path setting will be used)
-
isAllowed
boolean isAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .Note the default implementation of FilterInvocationSecurityMetadataSource disregards the
contextPathwhen evaluating which secure object metadata applies to a given request URI, so generally thecontextPathis unimportant unless you are using a customFilterInvocationSecurityMetadataSource.- Parameters:
uri- the URI excluding the context pathcontextPath- the context path (may be null).method- the HTTP method (or null, for any method)authentication- the Authentication instance whose authorities should be used in evaluation whether access should be granted.- Returns:
- true if access is allowed, false if denied
-
-