Class Jsr250AuthorizationManager

java.lang.Object
org.springframework.security.authorization.method.Jsr250AuthorizationManager
All Implemented Interfaces:
AuthorizationManager<org.aopalliance.intercept.MethodInvocation>

public final class Jsr250AuthorizationManager extends Object implements AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.
Since:
5.6
  • Constructor Details

    • Jsr250AuthorizationManager

      public Jsr250AuthorizationManager()
  • Method Details

    • setAuthoritiesAuthorizationManager

      public void setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>> authoritiesAuthorizationManager)
      Sets an AuthorizationManager that accepts a collection of authority strings.
      Parameters:
      authoritiesAuthorizationManager - the AuthorizationManager that accepts a collection of authority strings to use
      Since:
      6.2
    • setRolePrefix

      public void setRolePrefix(String rolePrefix)
      Sets the role prefix. Defaults to "ROLE_".
      Parameters:
      rolePrefix - the role prefix to use
    • check

      public AuthorizationDecision check(Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation)
      Determine if an Authentication has access to a method by evaluating the DenyAll, PermitAll, and RolesAllowed annotations that MethodInvocation specifies.
      Specified by:
      check in interface AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
      Parameters:
      authentication - the Supplier of the Authentication to check
      methodInvocation - the MethodInvocation to check
      Returns:
      an AuthorizationDecision, or null if the JSR-250 security annotations are not present
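The following is an added example, not part of the Spring Security documentation or code base. It calls check directly to show how DenyAll, PermitAll, RolesAllowed, an unannotated method and the role prefix each affect the result. Assumptions: Spring Security 6.2 or later with the jakarta.annotation.security annotations on the classpath; ReportService and its methods are hypothetical; SimpleMethodInvocation and TestingAuthenticationToken are Spring Security helper classes not described on this page.

```java
import java.lang.reflect.Method;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.method.Jsr250AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.util.SimpleMethodInvocation;

public class Jsr250CheckDemo {

    // Hypothetical service, constructed for this example only.
    public static class ReportService {
        @RolesAllowed("ADMIN") public void purge() { }
        @PermitAll public void ping() { }
        @DenyAll public void disabled() { }
        public void unannotated() { }
    }

    // Runs check() for one method and renders the three possible outcomes.
    static String decide(Jsr250AuthorizationManager manager, Authentication auth, String name)
            throws NoSuchMethodException {
        Method method = ReportService.class.getMethod(name);
        AuthorizationDecision decision =
                manager.check(() -> auth, new SimpleMethodInvocation(new ReportService(), method));
        if (decision == null) {
            return "null (no JSR-250 annotation)";
        }
        return decision.isGranted() ? "granted" : "denied";
    }

    public static void main(String[] args) throws NoSuchMethodException {
        // Constructed principals: one authority carries the default prefix, one does not.
        Authentication prefixed = new TestingAuthenticationToken("alice", "n/a", "ROLE_ADMIN");
        Authentication bare = new TestingAuthenticationToken("bob", "n/a", "ADMIN");

        Jsr250AuthorizationManager defaults = new Jsr250AuthorizationManager(); // prefix "ROLE_"
        Jsr250AuthorizationManager noPrefix = new Jsr250AuthorizationManager();
        noPrefix.setRolePrefix(""); // compare @RolesAllowed values to authorities verbatim

        for (String name : new String[] {"purge", "ping", "disabled", "unannotated"}) {
            System.out.printf("%-12s ROLE_ADMIN/default=%s  ADMIN/default=%s  ADMIN/no-prefix=%s%n",
                    name, decide(defaults, prefixed, name), decide(defaults, bare, name),
                    decide(noPrefix, bare, name));
        }
    }
}
```

The middle column is the one to watch when authorities come from an external identity provider: if they arrive without the "ROLE_" prefix, either map them on the way in or call setRolePrefix to match. Callers of check must also handle the null result for unannotated methods explicitly.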