WebInvocationPrivilegeEvaluator (spring-security-docs 5.6.3 API)

All Known Implementing Classes:

AuthorizationManagerWebInvocationPrivilegeEvaluator, DefaultWebInvocationPrivilegeEvaluator, RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
```
public interface WebInvocationPrivilegeEvaluator
```
Allows users to determine whether they have privileges for a given web URI.

Since:

3.0

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`boolean`	`isAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)`	Determines whether the user represented by the supplied `Authentication` object is allowed to invoke the supplied URI, with the given .
`boolean`	`isAllowed(java.lang.String uri, Authentication authentication)`	Determines whether the user represented by the supplied `Authentication` object is allowed to invoke the supplied URI.

- Method Detail
  - isAllowed
```
boolean isAllowed(java.lang.String uri,
                  Authentication authentication)
```
    Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
    
    Parameters:
    
    uri - the URI excluding the context path (a default context path setting will be used)
  - isAllowed
```
boolean isAllowed(java.lang.String contextPath,
                  java.lang.String uri,
                  java.lang.String method,
                  Authentication authentication)
```
    Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
    Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.
    
    Parameters:
    
    uri - the URI excluding the context path
    
    contextPath - the context path (may be null).
    
    method - the HTTP method (or null, for any method)
    
    authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
    
    Returns:
    
    true if access is allowed, false if denied