Interface SecurityExpressionOperations

All Known Subinterfaces:
MethodSecurityExpressionOperations
All Known Implementing Classes:
MessageSecurityExpressionRoot, SecurityExpressionRoot, WebSecurityExpressionRoot

public interface SecurityExpressionOperations
Standard interface for expression root objects used with expression-based security.
Since:
3.1.1
  • Method Details

    • getAuthentication

      Authentication getAuthentication()
      Gets the Authentication used for evaluating the expressions
      Returns:
      the Authentication for evaluating the expressions
    • hasAuthority

      boolean hasAuthority(String authority)
      Determines if the getAuthentication() has a particular authority within Authentication.getAuthorities().
      Parameters:
      authority - the authority to test (e.g. "ROLE_USER")
      Returns:
      true if the authority is found, else false
    • hasAnyAuthority

      boolean hasAnyAuthority(String... authorities)
      Determines if the getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
      Parameters:
      authorities - the authorities to test (e.g. "ROLE_USER", "ROLE_ADMIN")
      Returns:
      true if any of the authorities is found, else false
    • hasRole

      boolean hasRole(String role)

      Determines if the getAuthentication() has a particular authority within Authentication.getAuthorities().

      This is similar to hasAuthority(String) except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.

      Parameters:
      role - the authority to test (e.g. "USER")
      Returns:
      true if the authority is found, else false
    • hasAnyRole

      boolean hasAnyRole(String... roles)

      Determines if the getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

      This is similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.

      Parameters:
      roles - the authorities to test (e.g. "USER", "ADMIN")
      Returns:
      true if any of the authorities is found, else false
    • permitAll

      boolean permitAll()
      Always grants access.
      Returns:
      true
    • denyAll

      boolean denyAll()
      Always denies access
      Returns:
      false
    • isAnonymous

      boolean isAnonymous()
      Determines if the getAuthentication() is anonymous
      Returns:
      true if the user is anonymous, else false
    • isAuthenticated

      boolean isAuthenticated()
      Determines if the getAuthentication() is authenticated
      Returns:
      true if the getAuthentication() is authenticated, else false
    • isRememberMe

      boolean isRememberMe()
      Determines if the getAuthentication() was authenticated using remember me
      Returns:
      true if the getAuthentication() authenticated using remember me, else false
    • isFullyAuthenticated

      boolean isFullyAuthenticated()
      Determines if the getAuthentication() authenticated without the use of remember me
      Returns:
      true if the getAuthentication() authenticated without the use of remember me, else false
    • hasPermission

      boolean hasPermission(Object target, Object permission)
      Determines if the getAuthentication() has permission to access the target given the permission
      Parameters:
      target - the target domain object to check permission on
      permission - the permission to check on the domain object (e.g. "read", "write").
      Returns:
      true if permission is granted to the getAuthentication(), else false
    • hasPermission

      boolean hasPermission(Object targetId, String targetType, Object permission)
      Determines if the getAuthentication() has permission to access the domain object with a given id, type, and permission.
      Parameters:
      targetId - the identifier of the domain object to determine access
      targetType - the type (e.g. com.example.domain.Message)
      permission - the permission to check on the domain object (e.g. "read", "write")
      Returns:
      true if permission is granted to the getAuthentication(), else false
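
The difference between hasAuthority and hasRole, and between isAuthenticated, isRememberMe and isFullyAuthenticated, is easiest to see by calling an implementation directly. The following is an added example, not part of the original Javadoc: it assumes spring-security-core is on the classpath and uses SecurityExpressionRoot (listed above) together with TestingAuthenticationToken, RememberMeAuthenticationToken and AuthenticationTrustResolverImpl from the same library. The class name ExpressionRootDemo, the principal "alice", the key and the authority strings are constructed sample values.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class ExpressionRootDemo {

    // SecurityExpressionRoot is abstract but has no abstract methods,
    // so an empty anonymous subclass is enough to call it directly.
    static SecurityExpressionRoot rootFor(Authentication auth) {
        SecurityExpressionRoot root = new SecurityExpressionRoot(auth) { };
        // The remember-me and anonymous checks are delegated to a trust resolver.
        root.setTrustResolver(new AuthenticationTrustResolverImpl());
        return root;
    }

    static void report(String label, SecurityExpressionRoot r) {
        System.out.println(label);
        // Authority checks compare the string exactly as given.
        System.out.println("  hasAuthority(ROLE_USER)    = " + r.hasAuthority("ROLE_USER"));
        System.out.println("  hasAuthority(USER)         = " + r.hasAuthority("USER"));
        // Role checks add the configured prefix (ROLE_ by default) before comparing.
        System.out.println("  hasRole(USER)              = " + r.hasRole("USER"));
        System.out.println("  hasRole(reports:read)      = " + r.hasRole("reports:read"));
        System.out.println("  hasAuthority(reports:read) = " + r.hasAuthority("reports:read"));
        System.out.println("  hasAnyRole(ADMIN, USER)    = " + r.hasAnyRole("ADMIN", "USER"));
        // Session strength: a remember-me login is authenticated but not fully.
        System.out.println("  isAuthenticated()          = " + r.isAuthenticated());
        System.out.println("  isRememberMe()             = " + r.isRememberMe());
        System.out.println("  isFullyAuthenticated()     = " + r.isFullyAuthenticated());
    }

    public static void main(String[] args) {
        // Constructed sample identities; names, key and authorities are illustrative.
        Authentication login = new TestingAuthenticationToken(
                "alice", "n/a", "ROLE_USER", "reports:read");
        Authentication remembered = new RememberMeAuthenticationToken(
                "constructed-key", "alice", AuthorityUtils.createAuthorityList("ROLE_USER"));
        report("interactive login", rootFor(login));
        report("remember-me session", rootFor(remembered));
        // Changing the prefix changes which authority hasRole("USER") looks for.
        SecurityExpressionRoot noPrefix = rootFor(login);
        noPrefix.setDefaultRolePrefix("");
        System.out.println("hasRole(USER) with empty prefix = " + noPrefix.hasRole("USER"));
    }
}
```

Authorities that are not roles, such as the constructed "reports:read", only match through hasAuthority, and rules protecting sensitive operations should use isFullyAuthenticated rather than isAuthenticated if remember-me sessions must not qualify.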