Class AbstractSecurityExpressionHandler<T>

java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<T>
All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<T>
Direct Known Subclasses:
DefaultHttpSecurityExpressionHandler, DefaultMessageSecurityExpressionHandler, DefaultMethodSecurityExpressionHandler, DefaultWebSecurityExpressionHandler

public abstract class AbstractSecurityExpressionHandler<T> extends Object implements SecurityExpressionHandler<T>, org.springframework.context.ApplicationContextAware
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
Since:
3.1
  • Constructor Details

    • AbstractSecurityExpressionHandler

      public AbstractSecurityExpressionHandler()
  • Method Details

    • getExpressionParser

      public final org.springframework.expression.ExpressionParser getExpressionParser()
      Specified by:
      getExpressionParser in interface SecurityExpressionHandler<T>
      Returns:
      an expression parser for the expressions used by the implementation.
    • setExpressionParser

      public final void setExpressionParser(org.springframework.expression.ExpressionParser expressionParser)
    • createEvaluationContext

      public final org.springframework.expression.EvaluationContext createEvaluationContext(Authentication authentication, T invocation)
      Invokes the internal template methods to create StandardEvaluationContext and SecurityExpressionRoot objects.
      Specified by:
      createEvaluationContext in interface SecurityExpressionHandler<T>
      Parameters:
      authentication - the current authentication object
      invocation - the invocation (filter, method, channel)
      Returns:
      the context object for use in evaluating the expression, populated with a suitable root object.
    • createEvaluationContextInternal

      protected org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, T invocation)
      Override to create a custom instance of StandardEvaluationContext.

      The returned object will have a SecurityExpressionRootPropertyAccessor added, allowing beans in the ApplicationContext to be accessed via expression properties.

      Parameters:
      authentication - the current authentication object
      invocation - the invocation (filter, method, channel)
      Returns:
      A StandardEvaluationContext or potentially a custom subclass if overridden.
    • createSecurityExpressionRoot

      protected abstract SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, T invocation)
      Implement in order to create a root object of the correct type for the supported invocation type.
      Parameters:
      authentication - the current authentication object
      invocation - the invocation (filter, method, channel)
      Returns:
      the object
    • getRoleHierarchy

      protected RoleHierarchy getRoleHierarchy()
    • setRoleHierarchy

      public void setRoleHierarchy(RoleHierarchy roleHierarchy)
    • getPermissionEvaluator

      protected PermissionEvaluator getPermissionEvaluator()
    • setPermissionEvaluator

      public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
    • setApplicationContext

      public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
      Specified by:
      setApplicationContext in interface org.springframework.context.ApplicationContextAware