Class AuthorizationManagerWebInvocationPrivilegeEvaluator

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isAllowed​(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
      boolean isAllowed​(java.lang.String uri, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
      void setServletContext​(javax.servlet.ServletContext servletContext)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AuthorizationManagerWebInvocationPrivilegeEvaluator

        public AuthorizationManagerWebInvocationPrivilegeEvaluator​(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
    • Method Detail

      • isAllowed

        public boolean isAllowed​(java.lang.String uri,
                                 Authentication authentication)
        Description copied from interface: WebInvocationPrivilegeEvaluator
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        uri - the URI excluding the context path (a default context path setting will be used)
      • isAllowed

        public boolean isAllowed​(java.lang.String contextPath,
                                 java.lang.String uri,
                                 java.lang.String method,
                                 Authentication authentication)
        Description copied from interface: WebInvocationPrivilegeEvaluator
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

        Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        contextPath - the context path (may be null).
        uri - the URI excluding the context path
        method - the HTTP method (or null, for any method)
        authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
        Returns:
        true if access is allowed, false if denied
      • setServletContext

        public void setServletContext​(javax.servlet.ServletContext servletContext)
        Specified by:
        setServletContext in interface org.springframework.web.context.ServletContextAware