Class DefaultMessageSecurityExpressionHandler<T>
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.messaging.Message<T>>
org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler<T>
- Type Parameters:
T
- the type for the body of the Message
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,SecurityExpressionHandler<org.springframework.messaging.Message<T>>
public class DefaultMessageSecurityExpressionHandler<T>
extends AbstractSecurityExpressionHandler<org.springframework.messaging.Message<T>>
The default implementation of
SecurityExpressionHandler
which uses a
MessageSecurityExpressionRoot
.- Since:
- 4.0
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.expression.EvaluationContext
createEvaluationContext
(Supplier<Authentication> authentication, org.springframework.messaging.Message<T> message) Provides an evaluation context in which to evaluate security expressions for the invocation type.protected SecurityExpressionOperations
createSecurityExpressionRoot
(Authentication authentication, org.springframework.messaging.Message<T> invocation) Implement in order to create a root object of the correct type for the supported invocation type.void
setTrustResolver
(AuthenticationTrustResolver trustResolver) Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
-
Constructor Details
-
DefaultMessageSecurityExpressionHandler
public DefaultMessageSecurityExpressionHandler()
-
-
Method Details
-
createEvaluationContext
public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<Authentication> authentication, org.springframework.messaging.Message<T> message) Description copied from interface:SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of theAuthentication
object. By default, this method uses eager initialization of theAuthentication
object.- Parameters:
authentication
- theSupplier
of theAuthentication
to usemessage
- theSecurityExpressionHandler
to use- Returns:
- the
EvaluationContext
to use
-
createSecurityExpressionRoot
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, org.springframework.messaging.Message<T> invocation) Description copied from class:AbstractSecurityExpressionHandler
Implement in order to create a root object of the correct type for the supported invocation type.- Specified by:
createSecurityExpressionRoot
in classAbstractSecurityExpressionHandler<org.springframework.messaging.Message<T>>
- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- the object
-
setTrustResolver
-