Class DefaultHttpSecurityExpressionHandler
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,SecurityExpressionHandler<RequestAuthorizationContext>
public class DefaultHttpSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<RequestAuthorizationContext>
implements SecurityExpressionHandler<RequestAuthorizationContext>
A
SecurityExpressionHandler
that uses a RequestAuthorizationContext
to
create a WebSecurityExpressionRoot
.- Since:
- 5.8
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.expression.EvaluationContext
createEvaluationContext
(Supplier<Authentication> authentication, RequestAuthorizationContext context) Provides an evaluation context in which to evaluate security expressions for the invocation type.protected SecurityExpressionOperations
createSecurityExpressionRoot
(Authentication authentication, RequestAuthorizationContext context) Implement in order to create a root object of the correct type for the supported invocation type.void
setDefaultRolePrefix
(String defaultRolePrefix) Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
.void
setTrustResolver
(AuthenticationTrustResolver trustResolver) Sets theAuthenticationTrustResolver
to be used.Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
-
Constructor Details
-
DefaultHttpSecurityExpressionHandler
public DefaultHttpSecurityExpressionHandler()
-
-
Method Details
-
createEvaluationContext
public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<Authentication> authentication, RequestAuthorizationContext context) Description copied from interface:SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of theAuthentication
object. By default, this method uses eager initialization of theAuthentication
object.- Specified by:
createEvaluationContext
in interfaceSecurityExpressionHandler<RequestAuthorizationContext>
- Parameters:
authentication
- theSupplier
of theAuthentication
to usecontext
- theSecurityExpressionHandler
to use- Returns:
- the
EvaluationContext
to use
-
createSecurityExpressionRoot
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, RequestAuthorizationContext context) Description copied from class:AbstractSecurityExpressionHandler
Implement in order to create a root object of the correct type for the supported invocation type.- Specified by:
createSecurityExpressionRoot
in classAbstractSecurityExpressionHandler<RequestAuthorizationContext>
- Parameters:
authentication
- the current authentication objectcontext
- the invocation (filter, method, channel)- Returns:
- the object
-
setTrustResolver
Sets theAuthenticationTrustResolver
to be used. The default isAuthenticationTrustResolverImpl
.- Parameters:
trustResolver
- theAuthenticationTrustResolver
to use
-
setDefaultRolePrefix
Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).- Parameters:
defaultRolePrefix
- the default prefix to add to roles. The default is "ROLE_".
-