Class SecurityExpressionRoot
- java.lang.Object
  - org.springframework.security.access.expression.SecurityExpressionRoot
- All Implemented Interfaces: SecurityExpressionOperations
- Direct Known Subclasses: MessageSecurityExpressionRoot, WebSecurityExpressionRoot

public abstract class SecurityExpressionRoot extends java.lang.Object implements SecurityExpressionOperations

Base root object for use in Spring Security expression evaluations.
- Since: 3.0

Constructor Summary
- SecurityExpressionRoot(java.util.function.Supplier<Authentication> authentication)
  Creates a new instance that uses lazy initialization of the Authentication object.
- SecurityExpressionRoot(Authentication authentication)
  Creates a new instance

Method Summary
- boolean denyAll()
  Always denies access
- Authentication getAuthentication()
  Gets the Authentication used for evaluating the expressions
- java.lang.Object getPrincipal()
  Convenience method to access Authentication.getPrincipal() from getAuthentication()
- boolean hasAnyAuthority(java.lang.String... authorities)
  Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- boolean hasAnyRole(java.lang.String... roles)
  Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- boolean hasAuthority(java.lang.String authority)
  Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- boolean hasPermission(java.lang.Object target, java.lang.Object permission)
  Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
- boolean hasPermission(java.lang.Object targetId, java.lang.String targetType, java.lang.Object permission)
  Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
- boolean hasRole(java.lang.String role)
  Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- boolean isAnonymous()
  Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
- boolean isAuthenticated()
  Determines if the SecurityExpressionOperations.getAuthentication() is authenticated
- boolean isFullyAuthenticated()
  Determines if the SecurityExpressionOperations.getAuthentication() was authenticated without the use of remember me
- boolean isRememberMe()
  Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
- boolean permitAll()
  Always grants access.
- void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
  Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String).
- void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
- void setRoleHierarchy(RoleHierarchy roleHierarchy)
- void setTrustResolver(AuthenticationTrustResolver trustResolver)

Field Detail

permitAll
public final boolean permitAll
Allows "permitAll" expression
- See Also: Constant Field Values

denyAll
public final boolean denyAll
Allows "denyAll" expression
- See Also: Constant Field Values

read
public final java.lang.String read
- See Also: Constant Field Values

write
public final java.lang.String write
- See Also: Constant Field Values

create
public final java.lang.String create
- See Also: Constant Field Values

delete
public final java.lang.String delete
- See Also: Constant Field Values

admin
public final java.lang.String admin
- See Also: Constant Field Values

Constructor Detail

SecurityExpressionRoot
public SecurityExpressionRoot(Authentication authentication)
Creates a new instance
- Parameters:
  authentication - the Authentication to use. Cannot be null.

SecurityExpressionRoot
public SecurityExpressionRoot(java.util.function.Supplier<Authentication> authentication)
Creates a new instance that uses lazy initialization of the Authentication object.
- Parameters:
  authentication - the Supplier of the Authentication to use. Cannot be null.
- Since: 5.8

Method Detail

hasAuthority
public final boolean hasAuthority(java.lang.String authority)
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- Specified by: hasAuthority in interface SecurityExpressionOperations
- Parameters:
  authority - the authority to test (e.g. "ROLE_USER")
- Returns: true if the authority is found, else false

hasAnyAuthority
public final boolean hasAnyAuthority(java.lang.String... authorities)
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- Specified by: hasAnyAuthority in interface SecurityExpressionOperations
- Parameters:
  authorities - the authorities to test (e.g. "ROLE_USER", "ROLE_ADMIN")
- Returns: true if any of the authorities is found, else false

hasRole
public final boolean hasRole(java.lang.String role)
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
This is similar to SecurityExpressionOperations.hasAuthority(String) except that this method implies that the String passed in is a role. For example, if "USER" is passed in, the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
- Specified by: hasRole in interface SecurityExpressionOperations
- Parameters:
  role - the authority to test (e.g. "USER")
- Returns: true if the authority is found, else false

hasAnyRole
public final boolean hasAnyRole(java.lang.String... roles)
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
This is similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in, the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
- Specified by: hasAnyRole in interface SecurityExpressionOperations
- Parameters:
  roles - the authorities to test (e.g. "USER", "ADMIN")
- Returns: true if any of the authorities is found, else false

getAuthentication
public final Authentication getAuthentication()
Description copied from interface: SecurityExpressionOperations
Gets the Authentication used for evaluating the expressions
- Specified by: getAuthentication in interface SecurityExpressionOperations
- Returns: the Authentication for evaluating the expressions

permitAll
public final boolean permitAll()
Description copied from interface: SecurityExpressionOperations
Always grants access.
- Specified by: permitAll in interface SecurityExpressionOperations
- Returns: true

denyAll
public final boolean denyAll()
Description copied from interface: SecurityExpressionOperations
Always denies access
- Specified by: denyAll in interface SecurityExpressionOperations
- Returns: false

isAnonymous
public final boolean isAnonymous()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
- Specified by: isAnonymous in interface SecurityExpressionOperations
- Returns: true if the user is anonymous, else false

isAuthenticated
public final boolean isAuthenticated()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() is authenticated
- Specified by: isAuthenticated in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() is authenticated, else false

isRememberMe
public final boolean isRememberMe()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
- Specified by: isRememberMe in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me, else false

isFullyAuthenticated
public final boolean isFullyAuthenticated()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() was authenticated without the use of remember me
- Specified by: isFullyAuthenticated in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() was authenticated without the use of remember me, else false

getPrincipal
public java.lang.Object getPrincipal()
Convenience method to access Authentication.getPrincipal() from getAuthentication()
- Returns:

setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)

setRoleHierarchy
public void setRoleHierarchy(RoleHierarchy roleHierarchy)

setDefaultRolePrefix
public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
If null or empty, then no default role prefix is used.
- Parameters:
  defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".
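
The prefix handling described for hasRole, hasAnyRole and setDefaultRolePrefix, shown as an added example (not code from the Spring Security project). It assumes spring-security-core on the classpath; the class name RolePrefixCheck, the helpers rootFor, user and expect, and the sample users and authority strings are constructed for illustration.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Added example, not Spring Security's own code. The class name, user names
// and authority strings are constructed sample values.
public class RolePrefixCheck {

    // SecurityExpressionRoot is abstract but declares no abstract methods, so
    // an empty anonymous subclass is enough to call the checks directly.
    static SecurityExpressionRoot rootFor(Authentication auth, String rolePrefix) {
        SecurityExpressionRoot root = new SecurityExpressionRoot(auth) { };
        root.setDefaultRolePrefix(rolePrefix);
        return root;
    }

    static Authentication user(String name, String... authorities) {
        return new UsernamePasswordAuthenticationToken(
                name, "n/a", AuthorityUtils.createAuthorityList(authorities));
    }

    // Fails loudly if a check does not behave as the documentation describes.
    static void expect(String what, boolean actual, boolean expected) {
        if (actual != expected) {
            throw new IllegalStateException(what + " returned " + actual);
        }
        System.out.println(what + " -> " + actual);
    }

    public static void main(String[] args) {
        // Authority stored with the prefix, default prefix "ROLE_".
        SecurityExpressionRoot prefixed = rootFor(user("alice", "ROLE_ADMIN"), "ROLE_");
        expect("hasRole(ADMIN)", prefixed.hasRole("ADMIN"), true);
        expect("hasRole(ROLE_ADMIN)", prefixed.hasRole("ROLE_ADMIN"), true);
        // hasAuthority compares the string as given; no prefix is added.
        expect("hasAuthority(ADMIN)", prefixed.hasAuthority("ADMIN"), false);

        // Authority stored without the prefix: the role check fails closed.
        SecurityExpressionRoot bare = rootFor(user("bob", "ADMIN"), "ROLE_");
        expect("bare hasRole(ADMIN)", bare.hasRole("ADMIN"), false);
        expect("bare hasAuthority(ADMIN)", bare.hasAuthority("ADMIN"), true);

        // Empty prefix: hasRole now tests the string exactly as passed in.
        SecurityExpressionRoot noPrefix = rootFor(user("bob", "ADMIN"), "");
        expect("noPrefix hasRole(ADMIN)", noPrefix.hasRole("ADMIN"), true);
        expect("noPrefix hasRole(ROLE_ADMIN)", noPrefix.hasRole("ROLE_ADMIN"), false);
    }
}
```

The second case is the one to look for when authorities are mapped from an external source without the ROLE_ prefix: the authority is present, yet every hasRole check denies until the stored authorities or the configured prefix are brought into line.
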

hasPermission
public boolean hasPermission(java.lang.Object target, java.lang.Object permission)
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
- Specified by: hasPermission in interface SecurityExpressionOperations
- Parameters:
  target - the target domain object to check permission on
  permission - the permission to check on the domain object (e.g. "read", "write", etc).
- Returns: true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false

hasPermission
public boolean hasPermission(java.lang.Object targetId, java.lang.String targetType, java.lang.Object permission)
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
- Specified by: hasPermission in interface SecurityExpressionOperations
- Parameters:
  targetId - the identifier of the domain object to determine access
  targetType - the type (e.g. com.example.domain.Message)
  permission - the permission to check on the domain object (e.g. "read", "write", etc)
- Returns: true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false

setPermissionEvaluator
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)