Class Jsr250AuthorizationManager

java.lang.Object
org.springframework.security.authorization.method.Jsr250AuthorizationManager
All Implemented Interfaces:
AuthorizationManager<org.aopalliance.intercept.MethodInvocation>

public final class Jsr250AuthorizationManager extends Object implements AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.
Since:
5.6
  • Constructor Details

    • Jsr250AuthorizationManager

      public Jsr250AuthorizationManager()
  • Method Details

    • setRolePrefix

      public void setRolePrefix(String rolePrefix)
      Sets the role prefix. Defaults to "ROLE_".
      Parameters:
      rolePrefix - the role prefix to use
    • check

      public AuthorizationDecision check(Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation)
      Determine if an Authentication has access to a method by evaluating the DenyAll, PermitAll, and RolesAllowed annotations that MethodInvocation specifies.
      Specified by:
      check in interface AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
      Parameters:
      authentication - the Supplier of the Authentication to check
      methodInvocation - the MethodInvocation to check
      Returns:
      an AuthorizationDecision or null if the JSR-250 security annotations is not present