java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>

org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

All Implemented Interfaces:: org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<RequestAuthorizationContext>

public class DefaultHttpSecurityExpressionHandler extends AbstractSecurityExpressionHandler<RequestAuthorizationContext> implements SecurityExpressionHandler<RequestAuthorizationContext>

A SecurityExpressionHandler that uses a RequestAuthorizationContext to create a WebSecurityExpressionRoot.

Since:: 5.8

Constructor Summary

Constructors

Constructor

Description

DefaultHttpSecurityExpressionHandler()
Method Summary

Modifier and Type

Method

Description

org.springframework.expression.EvaluationContext

createEvaluationContext(Supplier<Authentication> authentication, RequestAuthorizationContext context)

Provides an evaluation context in which to evaluate security expressions for the invocation type.

protected SecurityExpressionOperations

createSecurityExpressionRoot(Authentication authentication, RequestAuthorizationContext context)

Implement in order to create a root object of the correct type for the supported invocation type.

void

setDefaultRolePrefix(String defaultRolePrefix)

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

void

setTrustResolver(AuthenticationTrustResolver trustResolver)

Sets the AuthenticationTrustResolver to be used.

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser

Constructor Details
- DefaultHttpSecurityExpressionHandler
  
  public DefaultHttpSecurityExpressionHandler()
Method Details
- createEvaluationContext
  
  public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<Authentication> authentication, RequestAuthorizationContext context)
  
  Description copied from interface: SecurityExpressionHandler
  
  Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.
  
  Specified by:
  
  createEvaluationContext in interface SecurityExpressionHandler<RequestAuthorizationContext>
  
  Parameters:
  
  authentication - the Supplier of the Authentication to use
  
  context - the SecurityExpressionHandler to use
  
  Returns:
  
  the EvaluationContext to use
- createSecurityExpressionRoot
  
  protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, RequestAuthorizationContext context)
  
  Description copied from class: AbstractSecurityExpressionHandler
  
  Implement in order to create a root object of the correct type for the supported invocation type.
  
  Specified by:
  
  createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<RequestAuthorizationContext>
  
  Parameters:
  
  authentication - the current authentication object
  
  context - the invocation (filter, method, channel)
  
  Returns:
  
  the object
- setTrustResolver
  
  public void setTrustResolver(AuthenticationTrustResolver trustResolver)
  
  Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
  
  Parameters:
  
  trustResolver - the AuthenticationTrustResolver to use
- setDefaultRolePrefix
  
  public void setDefaultRolePrefix(String defaultRolePrefix)
  
  Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
  
  Parameters:
  
  defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".

Class DefaultHttpSecurityExpressionHandler

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

Methods inherited from class java.lang.Object

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

Constructor Details

DefaultHttpSecurityExpressionHandler

Method Details

createEvaluationContext

createSecurityExpressionRoot

setTrustResolver

setDefaultRolePrefix