Class DefaultWebSecurityExpressionHandler
- java.lang.Object
-
- org.springframework.security.access.expression.AbstractSecurityExpressionHandler<FilterInvocation>
-
- org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
-
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,SecurityExpressionHandler<FilterInvocation>
public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpressionHandler<FilterInvocation> implements SecurityExpressionHandler<FilterInvocation>
- Since:
- 3.0
-
-
Constructor Summary
Constructors Constructor Description DefaultWebSecurityExpressionHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected SecurityExpressionOperations
createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi)
Implement in order to create a root object of the correct type for the supported invocation type.void
setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
.void
setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets theAuthenticationTrustResolver
to be used.-
Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
-
-
-
-
Method Detail
-
createSecurityExpressionRoot
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi)
Description copied from class:AbstractSecurityExpressionHandler
Implement in order to create a root object of the correct type for the supported invocation type.- Specified by:
createSecurityExpressionRoot
in classAbstractSecurityExpressionHandler<FilterInvocation>
- Parameters:
authentication
- the current authentication objectfi
- the invocation (filter, method, channel)- Returns:
- the object
-
setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets theAuthenticationTrustResolver
to be used. The default isAuthenticationTrustResolverImpl
.- Parameters:
trustResolver
- theAuthenticationTrustResolver
to use. Cannot be null.
-
setDefaultRolePrefix
public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).If null or empty, then no default role prefix is used.
- Parameters:
defaultRolePrefix
- the default prefix to add to roles. Default "ROLE_".
-
-