Class RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
java.lang.Object
org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
- All Implemented Interfaces:
WebInvocationPrivilegeEvaluator
public final class RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
extends Object
implements WebInvocationPrivilegeEvaluator
A
WebInvocationPrivilegeEvaluator
which delegates to a list of
WebInvocationPrivilegeEvaluator
based on a
RequestMatcher
evaluation- Since:
- 5.5.5
-
Constructor Summary
ConstructorDescriptionRequestMatcherDelegatingWebInvocationPrivilegeEvaluator
(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries) -
Method Summary
Modifier and TypeMethodDescriptionboolean
isAllowed
(String contextPath, String uri, String method, Authentication authentication) Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.boolean
isAllowed
(String uri, Authentication authentication) Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
-
Constructor Details
-
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
public RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries)
-
-
Method Details
-
isAllowed
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.Uses the provided URI in the
RequestMatcher.matches(HttpServletRequest)
for everyRequestMatcher
configured. If noRequestMatcher
is matched, or if there is not an availableWebInvocationPrivilegeEvaluator
, returnstrue
.- Specified by:
isAllowed
in interfaceWebInvocationPrivilegeEvaluator
- Parameters:
uri
- the URI excluding the context path (a default context path setting will be used)- Returns:
- true if access is allowed, false if denied
-
isAllowed
public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.Uses the provided URI in the
RequestMatcher.matches(HttpServletRequest)
for everyRequestMatcher
configured. If noRequestMatcher
is matched, or if there is not an availableWebInvocationPrivilegeEvaluator
, returnstrue
.- Specified by:
isAllowed
in interfaceWebInvocationPrivilegeEvaluator
- Parameters:
uri
- the URI excluding the context path (a default context path setting will be used)contextPath
- the context path (may be null, in which case a default value will be used).method
- the HTTP method (or null, for any method)authentication
- the Authentication instance whose authorities should be used in evaluation whether access should be granted.- Returns:
- true if access is allowed, false if denied
-