Package org.springframework.security.messaging.access.expression

Class DefaultMessageSecurityExpressionHandler<T>

java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.messaging.Message<T>>

org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler<T>

Type Parameters:

T - the type for the body of the Message

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<org.springframework.messaging.Message<T>>

public class DefaultMessageSecurityExpressionHandler<T>
extends AbstractSecurityExpressionHandler<org.springframework.messaging.Message<T>>

The default implementation of SecurityExpressionHandler which uses a MessageSecurityExpressionRoot.

Since:

4.0

Constructor Summary

Constructors

Constructor	Description
DefaultMessageSecurityExpressionHandler()

Method Summary

Modifier and Type	Method	Description
org.springframework.expression.EvaluationContext	createEvaluationContext(Supplier<Authentication> authentication, org.springframework.messaging.Message<T> message)	Provides an evaluation context in which to evaluate security expressions for the invocation type.
protected SecurityExpressionOperations	createSecurityExpressionRoot(Authentication authentication, org.springframework.messaging.Message<T> invocation)	Implement in order to create a root object of the correct type for the supported invocation type.
void	setTrustResolver(AuthenticationTrustResolver trustResolver)

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultMessageSecurityExpressionHandler

public DefaultMessageSecurityExpressionHandler()

Method Details

createEvaluationContext

public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<Authentication> authentication,
 org.springframework.messaging.Message<T> message)

Description copied from interface: SecurityExpressionHandler

Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.

Parameters:

authentication - the Supplier of the Authentication to use

message - the SecurityExpressionHandler to use

Returns:

the EvaluationContext to use

createSecurityExpressionRoot

protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
 org.springframework.messaging.Message<T> invocation)

Description copied from class: AbstractSecurityExpressionHandler

Implement in order to create a root object of the correct type for the supported invocation type.

Specified by:

createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<org.springframework.messaging.Message<T>>

Parameters:

authentication - the current authentication object

invocation - the invocation (filter, method, channel)

Returns:

the object

setTrustResolver

public void setTrustResolver(AuthenticationTrustResolver trustResolver)