Interface SecurityExpressionHandler<T>

All Superinterfaces:
org.springframework.aop.framework.AopInfrastructureBean
All Known Subinterfaces:
MethodSecurityExpressionHandler
All Known Implementing Classes:
AbstractSecurityExpressionHandler, DefaultHttpSecurityExpressionHandler, DefaultMessageSecurityExpressionHandler, DefaultMethodSecurityExpressionHandler, DefaultWebSecurityExpressionHandler, MessageAuthorizationContextSecurityExpressionHandler

public interface SecurityExpressionHandler<T> extends org.springframework.aop.framework.AopInfrastructureBean
Facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects
Since:
3.1
  • Method Summary

    Modifier and Type
    Method
    Description
    default org.springframework.expression.EvaluationContext
    createEvaluationContext(Supplier<Authentication> authentication, T invocation)
    Provides an evaluation context in which to evaluate security expressions for the invocation type.
    org.springframework.expression.EvaluationContext
    createEvaluationContext(Authentication authentication, T invocation)
    Provides an evaluation context in which to evaluate security expressions for the invocation type.
    org.springframework.expression.ExpressionParser
     
  • Method Details

    • getExpressionParser

      org.springframework.expression.ExpressionParser getExpressionParser()
      Returns:
      an expression parser for the expressions used by the implementation.
    • createEvaluationContext

      org.springframework.expression.EvaluationContext createEvaluationContext(Authentication authentication, T invocation)
      Provides an evaluation context in which to evaluate security expressions for the invocation type.
    • createEvaluationContext

      default org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<Authentication> authentication, T invocation)
      Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.
      Parameters:
      authentication - the Supplier of the Authentication to use
      invocation - the SecurityExpressionHandler to use
      Returns:
      the EvaluationContext to use
      Since:
      5.8