Package org.springframework.security.web.access.expression

Class DefaultHttpSecurityExpressionHandler

java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>

org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<RequestAuthorizationContext>

public class DefaultHttpSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<RequestAuthorizationContext>
implements SecurityExpressionHandler<RequestAuthorizationContext>

A SecurityExpressionHandler that uses a RequestAuthorizationContext to create a WebSecurityExpressionRoot.

Since:

5.8

Constructor Summary

Constructors

Constructor	Description
DefaultHttpSecurityExpressionHandler()

Method Summary

Modifier and Type	Method	Description
org.springframework.expression.EvaluationContext	createEvaluationContext(java.util.function.Supplier<Authentication> authentication, RequestAuthorizationContext context)	Provides an evaluation context in which to evaluate security expressions for the invocation type.
protected SecurityExpressionOperations	createSecurityExpressionRoot(Authentication authentication, RequestAuthorizationContext context)	Implement in order to create a root object of the correct type for the supported invocation type.
void	setDefaultRolePrefix(java.lang.String defaultRolePrefix)	Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).
void	setTrustResolver(AuthenticationTrustResolver trustResolver)	Sets the AuthenticationTrustResolver to be used.

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

createEvaluationContext, getExpressionParser

Constructor Detail

DefaultHttpSecurityExpressionHandler

public DefaultHttpSecurityExpressionHandler()

Method Detail

createEvaluationContext

public org.springframework.expression.EvaluationContext createEvaluationContext(java.util.function.Supplier<Authentication> authentication,
                                                                                RequestAuthorizationContext context)

Description copied from interface: SecurityExpressionHandler

Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.

Specified by:

createEvaluationContext in interface SecurityExpressionHandler<RequestAuthorizationContext>

Parameters:

authentication - the Supplier of the Authentication to use

context - the SecurityExpressionHandler to use

Returns:

the EvaluationContext to use

createSecurityExpressionRoot

protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
                                                                    RequestAuthorizationContext context)

Description copied from class: AbstractSecurityExpressionHandler

Implement in order to create a root object of the correct type for the supported invocation type.

Specified by:

createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<RequestAuthorizationContext>

Parameters:

authentication - the current authentication object

context - the invocation (filter, method, channel)

Returns:

the object

setTrustResolver

public void setTrustResolver(AuthenticationTrustResolver trustResolver)

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters:

trustResolver - the AuthenticationTrustResolver to use

setDefaultRolePrefix

public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

Parameters:

defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".