Interface WebInvocationPrivilegeEvaluator

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean isAllowed​(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
      boolean isAllowed​(java.lang.String uri, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
    • Method Detail

      • isAllowed

        boolean isAllowed​(java.lang.String uri,
                          Authentication authentication)
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
        Parameters:
        uri - the URI excluding the context path (a default context path setting will be used)
      • isAllowed

        boolean isAllowed​(java.lang.String contextPath,
                          java.lang.String uri,
                          java.lang.String method,
                          Authentication authentication)
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

        Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

        Parameters:
        uri - the URI excluding the context path
        contextPath - the context path (may be null).
        method - the HTTP method (or null, for any method)
        authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
        Returns:
        true if access is allowed, false if denied