Class DefaultWebInvocationPrivilegeEvaluator
- java.lang.Object
- 
- org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
 
- 
- All Implemented Interfaces:
- org.springframework.beans.factory.Aware,- WebInvocationPrivilegeEvaluator,- org.springframework.web.context.ServletContextAware
 
 public class DefaultWebInvocationPrivilegeEvaluator extends java.lang.Object implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware Allows users to determine whether they have privileges for a given web URI.- Since:
- 3.0
 
- 
- 
Field SummaryFields Modifier and Type Field Description protected static org.apache.commons.logging.Loglogger
 - 
Constructor SummaryConstructors Constructor Description DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanisAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .booleanisAllowed(java.lang.String uri, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.voidsetServletContext(javax.servlet.ServletContext servletContext)
 
- 
- 
- 
Constructor Detail- 
DefaultWebInvocationPrivilegeEvaluatorpublic DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor) 
 
- 
 - 
Method Detail- 
isAllowedpublic boolean isAllowed(java.lang.String uri, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.- Specified by:
- isAllowedin interface- WebInvocationPrivilegeEvaluator
- Parameters:
- uri- the URI excluding the context path (a default context path setting will be used)
 
 - 
isAllowedpublic boolean isAllowed(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPathwhen evaluating which secure object metadata applies to a given request URI, so generally thecontextPathis unimportant unless you are using a customFilterInvocationSecurityMetadataSource.- Specified by:
- isAllowedin interface- WebInvocationPrivilegeEvaluator
- Parameters:
- uri- the URI excluding the context path
- contextPath- the context path (may be null, in which case a default value will be used).
- method- the HTTP method (or null, for any method)
- authentication- the Authentication instance whose authorities should be used in evaluation whether access should be granted.
- Returns:
- true if access is allowed, false if denied
 
 - 
setServletContextpublic void setServletContext(javax.servlet.ServletContext servletContext) - Specified by:
- setServletContextin interface- org.springframework.web.context.ServletContextAware
 
 
- 
 
-