WebSecurityExpressionRoot (spring-security-docs 6.4.1-SNAPSHOT API)

java.lang.Object

org.springframework.security.access.expression.SecurityExpressionRoot

org.springframework.security.web.access.expression.WebSecurityExpressionRoot

All Implemented Interfaces:: SecurityExpressionOperations

public class WebSecurityExpressionRoot extends SecurityExpressionRoot

Since:: 3.0

Field Summary

Fields

Modifier and Type

Field

Description

final jakarta.servlet.http.HttpServletRequest

request

Allows direct access to the request object

Fields inherited from class org.springframework.security.access.expression.SecurityExpressionRoot
admin, create, delete, denyAll, permitAll, read, write
Constructor Summary

Constructors

Constructor

Description

WebSecurityExpressionRoot(Supplier<Authentication> authentication, jakarta.servlet.http.HttpServletRequest request)

Creates an instance for the given Supplier of the Authentication and HttpServletRequest.

WebSecurityExpressionRoot(Authentication a, FilterInvocation fi)
Method Summary

Modifier and Type

Method

Description

boolean

hasIpAddress(String ipAddress)

Takes a specific IP address or a range using the IP/Netmask (e.g.

Methods inherited from class org.springframework.security.access.expression.SecurityExpressionRoot
denyAll, getAuthentication, getPrincipal, hasAnyAuthority, hasAnyRole, hasAuthority, hasPermission, hasPermission, hasRole, isAnonymous, isAuthenticated, isFullyAuthenticated, isRememberMe, permitAll, setDefaultRolePrefix, setPermissionEvaluator, setRoleHierarchy, setTrustResolver

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- request
  
  public final jakarta.servlet.http.HttpServletRequest request
  
  Allows direct access to the request object
Constructor Details
- WebSecurityExpressionRoot
  
  public WebSecurityExpressionRoot(Authentication a, FilterInvocation fi)
- WebSecurityExpressionRoot
  
  public WebSecurityExpressionRoot(Supplier<Authentication> authentication, jakarta.servlet.http.HttpServletRequest request)
  
  Creates an instance for the given Supplier of the Authentication and HttpServletRequest.
  
  Parameters:
  
  authentication - the Supplier of the Authentication to use
  
  request - the HttpServletRequest to use
  
  Since:
  
  5.8
Method Details
- hasIpAddress
  
  public boolean hasIpAddress(String ipAddress)
  
  Takes a specific IP address or a range using the IP/Netmask (e.g. 192.168.1.0/24 or 202.24.0.0/14).
  
  Parameters:
  
  ipAddress - the address or range of addresses from which the request must come.
  
  Returns:
  
  true if the IP address of the current request is in the required range.