Package org.springframework.security.web.access

Class DefaultWebInvocationPrivilegeEvaluator

java.lang.Object

org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator

All Implemented Interfaces:

org.springframework.beans.factory.Aware, WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware

@Deprecated
public class DefaultWebInvocationPrivilegeEvaluator
extends Object
implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware

Deprecated.

Use AuthorizationManagerWebInvocationPrivilegeEvaluator instead

Allows users to determine whether they have privileges for a given web URI.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field	Description
protected static final org.apache.commons.logging.Log	logger	Deprecated.

Constructor Summary

Constructors

Constructor	Description
DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)	Deprecated.

Method Summary

Modifier and Type	Method	Description
boolean	isAllowed(String contextPath, String uri, String method, Authentication authentication)	Deprecated. Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
boolean	isAllowed(String uri, Authentication authentication)	Deprecated. Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
void	setServletContext(jakarta.servlet.ServletContext servletContext)	Deprecated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected static final org.apache.commons.logging.Log logger

Deprecated.

Constructor Details

DefaultWebInvocationPrivilegeEvaluator

public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor securityInterceptor)

Deprecated.

Method Details

isAllowed

public boolean isAllowed(String uri,
 Authentication authentication)

Deprecated.

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

Specified by:

isAllowed in interface WebInvocationPrivilegeEvaluator

Parameters:

uri - the URI excluding the context path (a default context path setting will be used)

isAllowed

public boolean isAllowed(String contextPath,
 String uri,
 String method,
 Authentication authentication)

Deprecated.

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

Specified by:

isAllowed in interface WebInvocationPrivilegeEvaluator

Parameters:

uri - the URI excluding the context path

contextPath - the context path (may be null, in which case a default value will be used).

method - the HTTP method (or null, for any method)

authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.

Returns:

true if access is allowed, false if denied

setServletContext

public void setServletContext(jakarta.servlet.ServletContext servletContext)

Deprecated.

Specified by:

setServletContext in interface org.springframework.web.context.ServletContextAware