Class AbstractSecurityExpressionHandler<T>
- java.lang.Object
-
- org.springframework.security.access.expression.AbstractSecurityExpressionHandler<T>
-
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,SecurityExpressionHandler<T>
- Direct Known Subclasses:
DefaultMessageSecurityExpressionHandler
,DefaultMethodSecurityExpressionHandler
,DefaultWebSecurityExpressionHandler
public abstract class AbstractSecurityExpressionHandler<T> extends java.lang.Object implements SecurityExpressionHandler<T>, org.springframework.context.ApplicationContextAware
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.- Since:
- 3.1
-
-
Constructor Summary
Constructors Constructor Description AbstractSecurityExpressionHandler()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description org.springframework.expression.EvaluationContext
createEvaluationContext(Authentication authentication, T invocation)
Invokes the internal template methods to createStandardEvaluationContext
andSecurityExpressionRoot
objects.protected org.springframework.expression.spel.support.StandardEvaluationContext
createEvaluationContextInternal(Authentication authentication, T invocation)
Override to create a custom instance ofStandardEvaluationContext
.protected abstract SecurityExpressionOperations
createSecurityExpressionRoot(Authentication authentication, T invocation)
Implement in order to create a root object of the correct type for the supported invocation type.org.springframework.expression.ExpressionParser
getExpressionParser()
protected PermissionEvaluator
getPermissionEvaluator()
protected RoleHierarchy
getRoleHierarchy()
void
setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
void
setExpressionParser(org.springframework.expression.ExpressionParser expressionParser)
void
setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
void
setRoleHierarchy(RoleHierarchy roleHierarchy)
-
-
-
Method Detail
-
getExpressionParser
public final org.springframework.expression.ExpressionParser getExpressionParser()
- Specified by:
getExpressionParser
in interfaceSecurityExpressionHandler<T>
- Returns:
- an expression parser for the expressions used by the implementation.
-
setExpressionParser
public final void setExpressionParser(org.springframework.expression.ExpressionParser expressionParser)
-
createEvaluationContext
public final org.springframework.expression.EvaluationContext createEvaluationContext(Authentication authentication, T invocation)
Invokes the internal template methods to createStandardEvaluationContext
andSecurityExpressionRoot
objects.- Specified by:
createEvaluationContext
in interfaceSecurityExpressionHandler<T>
- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- the context object for use in evaluating the expression, populated with a suitable root object.
-
createEvaluationContextInternal
protected org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, T invocation)
Override to create a custom instance ofStandardEvaluationContext
.The returned object will have a
SecurityExpressionRootPropertyAccessor
added, allowing beans in theApplicationContext
to be accessed via expression properties.- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- A
StandardEvaluationContext
or potentially a custom subclass if overridden.
-
createSecurityExpressionRoot
protected abstract SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, T invocation)
Implement in order to create a root object of the correct type for the supported invocation type.- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- the object
-
getRoleHierarchy
protected RoleHierarchy getRoleHierarchy()
-
setRoleHierarchy
public void setRoleHierarchy(RoleHierarchy roleHierarchy)
-
getPermissionEvaluator
protected PermissionEvaluator getPermissionEvaluator()
-
setPermissionEvaluator
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
-
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
- Specified by:
setApplicationContext
in interfaceorg.springframework.context.ApplicationContextAware
-
-