Class RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

java.lang.Object
org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
All Implemented Interfaces:
WebInvocationPrivilegeEvaluator

public final class RequestMatcherDelegatingWebInvocationPrivilegeEvaluator extends Object implements WebInvocationPrivilegeEvaluator
A WebInvocationPrivilegeEvaluator which delegates to a list of WebInvocationPrivilegeEvaluator based on a RequestMatcher evaluation
Since:
5.5.5
  • Constructor Details

  • Method Details

    • isAllowed

      public boolean isAllowed(String uri, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

      Uses the provided URI in the RequestMatcher.matches(HttpServletRequest) for every RequestMatcher configured. If no RequestMatcher is matched, or if there is not an available WebInvocationPrivilegeEvaluator, returns true.

      Specified by:
      isAllowed in interface WebInvocationPrivilegeEvaluator
      Parameters:
      uri - the URI excluding the context path (a default context path setting will be used)
      Returns:
      true if access is allowed, false if denied
    • isAllowed

      public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

      Uses the provided URI in the RequestMatcher.matches(HttpServletRequest) for every RequestMatcher configured. If no RequestMatcher is matched, or if there is not an available WebInvocationPrivilegeEvaluator, returns true.

      Specified by:
      isAllowed in interface WebInvocationPrivilegeEvaluator
      Parameters:
      uri - the URI excluding the context path (a default context path setting will be used)
      contextPath - the context path (may be null, in which case a default value will be used).
      method - the HTTP method (or null, for any method)
      authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
      Returns:
      true if access is allowed, false if denied