Class DefaultMethodSecurityExpressionHandler

- java.lang.Object
  - org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
    - org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

- All Implemented Interfaces:
  org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, MethodSecurityExpressionHandler, SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation> implements MethodSecurityExpressionHandler

The standard implementation of MethodSecurityExpressionHandler.

A single instance should usually be shared amongst the beans that require expression support.

- Since:
  3.0

Field Summary
- protected org.apache.commons.logging.Log logger

Constructor Summary
- DefaultMethodSecurityExpressionHandler()

Method Summary
- org.springframework.expression.EvaluationContext createEvaluationContext(java.util.function.Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation mi)
  Provides an evaluation context in which to evaluate security expressions for the invocation type.
- org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)
  Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
- protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)
  Creates the root object for expression evaluation.
- java.lang.Object filter(java.lang.Object filterTarget, org.springframework.expression.Expression filterExpression, org.springframework.expression.EvaluationContext ctx)
  Filters the filterTarget object (which must be either a collection, array, map or stream), by evaluating the supplied expression.
- protected java.lang.String getDefaultRolePrefix()
- protected org.springframework.core.ParameterNameDiscoverer getParameterNameDiscoverer()
- protected AuthenticationTrustResolver getTrustResolver()
- void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
  Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).
- void setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)
  Sets the ParameterNameDiscoverer to use.
- void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
- void setReturnObject(java.lang.Object returnObject, org.springframework.expression.EvaluationContext ctx)
  Used to inform the expression system of the return object for the given evaluation context.
- void setTrustResolver(AuthenticationTrustResolver trustResolver)
  Sets the AuthenticationTrustResolver to be used.

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser

Method Detail

createEvaluationContextInternal
public org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(Authentication auth, org.aopalliance.intercept.MethodInvocation mi)
Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
- Overrides:
  createEvaluationContextInternal in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
- Parameters:
  auth - the current authentication object
  mi - the invocation (filter, method, channel)
- Returns:
  A StandardEvaluationContext or potentially a custom subclass if overridden.

createEvaluationContext
public org.springframework.expression.EvaluationContext createEvaluationContext(java.util.function.Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation mi)
Description copied from interface: SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.
- Specified by:
  createEvaluationContext in interface SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
- Parameters:
  authentication - the Supplier of the Authentication to use
  mi - the SecurityExpressionHandler to use
- Returns:
  the EvaluationContext to use

createSecurityExpressionRoot
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)
Creates the root object for expression evaluation.
- Specified by:
  createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
- Parameters:
  authentication - the current authentication object
  invocation - the invocation (filter, method, channel)
- Returns:
  the object

filter
public java.lang.Object filter(java.lang.Object filterTarget, org.springframework.expression.Expression filterExpression, org.springframework.expression.EvaluationContext ctx)
Filters the filterTarget object (which must be either a collection, array, map or stream), by evaluating the supplied expression.
If a Collection or Map is used, the original instance will be modified to contain the elements for which the permission expression evaluates to true. For an array, a new array instance will be returned.
- Specified by:
  filter in interface MethodSecurityExpressionHandler
- Parameters:
  filterTarget - the array or collection to be filtered.
  filterExpression - the expression which should be used as the filter condition. If it returns false on evaluation, the object will be removed from the returned collection
  ctx - the current evaluation context (as created through a call to SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object))
- Returns:
  the filtered collection or array
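
The in-place behaviour described above, shown as an added example (not part of the Spring Security documentation or code base). Doc, DocService, the user "alice" and the filter expression are hypothetical; it assumes spring-security-core on the classpath and the Supplier-based createEvaluationContext listed on this page.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Supplier;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.util.SimpleMethodInvocation;

public class FilterInPlaceDemo {
    // Hypothetical domain type and service, constructed for this example.
    public static class Doc {
        private final String owner;
        public Doc(String owner) { this.owner = owner; }
        public String getOwner() { return owner; }
    }
    public static class DocService { public List<Doc> list() { return new ArrayList<>(); } }

    public static void main(String[] args) throws Exception {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        Supplier<Authentication> auth = () -> new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
        MethodInvocation mi = new SimpleMethodInvocation(new DocService(), DocService.class.getMethod("list"));
        EvaluationContext ctx = handler.createEvaluationContext(auth, mi);
        Expression ownedByCaller = handler.getExpressionParser()
                .parseExpression("filterObject.owner == authentication.name");

        // Collection: the caller's own instance is filtered in place and returned.
        List<Doc> docs = new ArrayList<>(Arrays.asList(new Doc("alice"), new Doc("bob")));
        Object result = handler.filter(docs, ownedByCaller, ctx);
        System.out.println("same instance: " + (result == docs) + ", size now: " + docs.size());

        // Array: the input array is left as it was; only the returned array is filtered.
        Doc[] array = { new Doc("alice"), new Doc("bob") };
        Doc[] kept = (Doc[]) handler.filter(array, ownedByCaller, ctx);
        System.out.println("input length: " + array.length + ", returned length: " + kept.length);

        // A collection that rejects mutation cannot be filtered in place.
        List<Doc> readOnly = Collections.unmodifiableList(Arrays.asList(new Doc("alice"), new Doc("bob")));
        try {
            handler.filter(readOnly, ownedByCaller, ctx);
        } catch (UnsupportedOperationException e) {
            System.out.println("unmodifiable collection rejected; copy into a mutable list first");
        }
    }
}
```

Because the collection passed in is the one that gets modified, any other holder of that reference (a cache, for instance) sees the filtered view too, so filter a copy when the unfiltered data must survive.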

setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
- Parameters:
  trustResolver - the AuthenticationTrustResolver to use. Cannot be null.

getTrustResolver
protected AuthenticationTrustResolver getTrustResolver()
- Returns:
  The current AuthenticationTrustResolver

setParameterNameDiscoverer
public void setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)
Sets the ParameterNameDiscoverer to use. The default is DefaultSecurityParameterNameDiscoverer.
- Parameters:
  parameterNameDiscoverer -

getParameterNameDiscoverer
protected org.springframework.core.ParameterNameDiscoverer getParameterNameDiscoverer()
- Returns:
  The current ParameterNameDiscoverer

setPermissionCacheOptimizer
public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)

setReturnObject
public void setReturnObject(java.lang.Object returnObject, org.springframework.expression.EvaluationContext ctx)
Description copied from interface: MethodSecurityExpressionHandler
Used to inform the expression system of the return object for the given evaluation context. Only applies to method invocations.
- Specified by:
  setReturnObject in interface MethodSecurityExpressionHandler
- Parameters:
  returnObject - the return object value
  ctx - the context within which the object should be set (as created through a call to SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object))

setDefaultRolePrefix
public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
If null or empty, then no default role prefix is used.
- Parameters:
  defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".
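
How the prefix setting interacts with the authorities a user actually holds, as an added example (not part of the Spring Security documentation or code base). The Reports class, the user "alice" and the authority names are hypothetical; it assumes spring-security-core on the classpath. Each row prints whether the expression grants access for one prefix and one granted authority.

```java
import java.util.function.Supplier;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.expression.EvaluationContext;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.util.SimpleMethodInvocation;

public class RolePrefixDemo {
    // Hypothetical secured target, constructed for this example.
    public static class Reports { public void export() { } }

    // Evaluates one security expression for a user holding the given authorities.
    static boolean allowed(String prefix, String expression, String... authorities) throws Exception {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setDefaultRolePrefix(prefix);
        Supplier<Authentication> auth = () -> new TestingAuthenticationToken("alice", "n/a", authorities);
        MethodInvocation mi = new SimpleMethodInvocation(new Reports(), Reports.class.getMethod("export"));
        EvaluationContext ctx = handler.createEvaluationContext(auth, mi);
        return Boolean.TRUE.equals(
                handler.getExpressionParser().parseExpression(expression).getValue(ctx, Boolean.class));
    }

    public static void main(String[] args) throws Exception {
        String[][] cases = {
            // { default role prefix, expression, authority granted to the user }
            { "ROLE_", "hasRole('ADMIN')",      "ROLE_ADMIN" }, // prefix added, then matched
            { "ROLE_", "hasRole('ROLE_ADMIN')", "ROLE_ADMIN" }, // already prefixed, used as is
            { "ROLE_", "hasRole('ADMIN')",      "ADMIN" },      // looks for ROLE_ADMIN, user has ADMIN
            { "",      "hasRole('ADMIN')",      "ROLE_ADMIN" }, // no prefix: looks for ADMIN
            { "",      "hasRole('ADMIN')",      "ADMIN" },      // no prefix: exact name
            { "ROLE_", "hasAuthority('ADMIN')", "ADMIN" },      // hasAuthority never adds a prefix
        };
        for (String[] c : cases) {
            System.out.printf("prefix='%s' %s with authority %s -> %s%n",
                    c[0], c[1], c[2], allowed(c[0], c[1], c[2]));
        }
    }
}
```

A mismatch between the configured prefix and the authority names issued at login makes hasRole checks deny, so keep the prefix consistent with whatever populates the granted authorities.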

getDefaultRolePrefix
protected java.lang.String getDefaultRolePrefix()
- Returns:
  The default role prefix