Class SecurityExpressionRoot
- All Implemented Interfaces: SecurityExpressionOperations
- Direct Known Subclasses: MessageSecurityExpressionRoot, WebSecurityExpressionRoot
- Since: 3.0
-
Field Summary
-
Constructor Summary
Constructor, Description
- SecurityExpressionRoot(Supplier<Authentication> authentication): Creates a new instance that uses lazy initialization of the Authentication object.
- SecurityExpressionRoot(Authentication authentication): Creates a new instance
-
Method Summary
Modifier and Type, Method, Description
- final boolean denyAll(): Always denies access
- final Authentication getAuthentication(): Gets the Authentication used for evaluating the expressions
- getPrincipal(): Convenience method to access Authentication.getPrincipal() from getAuthentication()
- final boolean hasAnyAuthority(String... authorities): Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- final boolean hasAnyRole(String... roles): Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- final boolean hasAuthority(String authority): Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- boolean hasPermission(Object target, Object permission): Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
- boolean hasPermission(Object targetId, String targetType, Object permission): Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
- final boolean hasRole(String role): Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- final boolean isAnonymous(): Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
- final boolean isAuthenticated(): Determines if the SecurityExpressionOperations.getAuthentication() is authenticated
- final boolean isFullyAuthenticated(): Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me
- final boolean isRememberMe(): Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
- final boolean permitAll(): Always grants access.
- void setDefaultRolePrefix(String defaultRolePrefix): Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String).
- void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
- void setRoleHierarchy(RoleHierarchy roleHierarchy)
- void setTrustResolver(AuthenticationTrustResolver trustResolver)
-
Field Details
-
permitAll
public final boolean permitAll
Allows "permitAll" expression
- See Also:
-
denyAll
public final boolean denyAll
Allows "denyAll" expression
- See Also:
-
read
- See Also:
-
write
- See Also:
-
create
- See Also:
-
delete
- See Also:
-
admin
- See Also:
-
-
Constructor Details
-
SecurityExpressionRoot
Creates a new instance
- Parameters:
  authentication - the Authentication to use. Cannot be null.
-
SecurityExpressionRoot
Creates a new instance that uses lazy initialization of the Authentication object.
- Parameters:
  authentication - the Supplier of the Authentication to use. Cannot be null.
- Since: 5.8
-
-
Method Details
-
hasAuthority
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- Specified by: hasAuthority in interface SecurityExpressionOperations
- Parameters:
  authority - the authority to test (i.e. "ROLE_USER")
- Returns: true if the authority is found, else false
-
hasAnyAuthority
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- Specified by: hasAnyAuthority in interface SecurityExpressionOperations
- Parameters:
  authorities - the authorities to test (i.e. "ROLE_USER", "ROLE_ADMIN")
- Returns: true if any of the authorities is found, else false
-
hasRole
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
This is similar to SecurityExpressionOperations.hasAuthority(String) except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
- Specified by: hasRole in interface SecurityExpressionOperations
- Parameters:
  role - the authority to test (i.e. "USER")
- Returns: true if the authority is found, else false
-
hasAnyRole
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
This is similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
- Specified by: hasAnyRole in interface SecurityExpressionOperations
- Parameters:
  roles - the authorities to test (i.e. "USER", "ADMIN")
- Returns: true if any of the authorities is found, else false
-
getAuthentication
Description copied from interface: SecurityExpressionOperations
Gets the Authentication used for evaluating the expressions
- Specified by: getAuthentication in interface SecurityExpressionOperations
- Returns: the Authentication for evaluating the expressions
-
permitAll
public final boolean permitAll()
Description copied from interface: SecurityExpressionOperations
Always grants access.
- Specified by: permitAll in interface SecurityExpressionOperations
- Returns: true
-
denyAll
public final boolean denyAll()
Description copied from interface: SecurityExpressionOperations
Always denies access
- Specified by: denyAll in interface SecurityExpressionOperations
- Returns: false
-
isAnonymous
public final boolean isAnonymous()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
- Specified by: isAnonymous in interface SecurityExpressionOperations
- Returns: true if the user is anonymous, else false
-
isAuthenticated
public final boolean isAuthenticated()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() is authenticated
- Specified by: isAuthenticated in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() is authenticated, else false
-
isRememberMe
public final boolean isRememberMe()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
- Specified by: isRememberMe in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() authenticated using remember me, else false
-
isFullyAuthenticated
public final boolean isFullyAuthenticated()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me
- Specified by: isFullyAuthenticated in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me, else false
-
getPrincipal
Convenience method to access Authentication.getPrincipal() from getAuthentication()
- Returns:
-
setTrustResolver
-
setRoleHierarchy
-
setDefaultRolePrefix
Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
If null or empty, then no default role prefix is used.
- Parameters:
  defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".
-
hasPermission
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
- Specified by: hasPermission in interface SecurityExpressionOperations
- Parameters:
  target - the target domain object to check permission on
  permission - the permission to check on the domain object (i.e. "read", "write", etc.).
- Returns: true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false
-
hasPermission
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
- Specified by: hasPermission in interface SecurityExpressionOperations
- Parameters:
  targetId - the identifier of the domain object to determine access
  targetType - the type (i.e. com.example.domain.Message)
  permission - the permission to check on the domain object (i.e. "read", "write", etc.)
- Returns: true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false
-
setPermissionEvaluator
-