Package org.springframework.security.access.expression.method

Class DefaultMethodSecurityExpressionHandler

java.lang.Object

org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, MethodSecurityExpressionHandler, SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

public class DefaultMethodSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>
implements MethodSecurityExpressionHandler

The standard implementation of MethodSecurityExpressionHandler.

A single instance should usually be shared amongst the beans that require expression support.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field	Description
protected final org.apache.commons.logging.Log	logger

Constructor Summary

Constructors

Constructor	Description
DefaultMethodSecurityExpressionHandler()

Method Summary

Modifier and Type	Method	Description
org.springframework.expression.EvaluationContext	createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication, org.aopalliance.intercept.MethodInvocation mi)	Provides an evaluation context in which to evaluate security expressions for the invocation type.
org.springframework.expression.spel.support.StandardEvaluationContext	createEvaluationContextInternal(@Nullable Authentication auth, org.aopalliance.intercept.MethodInvocation mi)	Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
protected MethodSecurityExpressionOperations	createSecurityExpressionRoot(@Nullable Authentication authentication, org.aopalliance.intercept.MethodInvocation invocation)	Creates the root object for expression evaluation.
Object	filter(@Nullable Object filterTarget, org.springframework.expression.Expression filterExpression, org.springframework.expression.EvaluationContext ctx)	Filters the filterTarget object (which must be either a Collection, Array, Map or Stream), by evaluating the supplied expression.
protected String	getDefaultRolePrefix()	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
protected org.springframework.core.ParameterNameDiscoverer	getParameterNameDiscoverer()
protected AuthenticationTrustResolver	getTrustResolver()	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
void	setDefaultRolePrefix(@Nullable String defaultRolePrefix)	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
void	setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)	Sets the ParameterNameDiscoverer to use.
void	setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)
void	setReturnObject(@Nullable Object returnObject, org.springframework.expression.EvaluationContext ctx)	Used to inform the expression system of the return object for the given evaluation context.
void	setTrustResolver(AuthenticationTrustResolver trustResolver)	Deprecated. Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

createEvaluationContext, getAuthorizationManagerFactory, getBeanResolver, getDefaultAuthorizationManagerFactory, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setAuthorizationManagerFactory, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

createEvaluationContext, getExpressionParser

Field Details

logger

protected final org.apache.commons.logging.Log logger

Constructor Details

DefaultMethodSecurityExpressionHandler

public DefaultMethodSecurityExpressionHandler()

Method Details

createEvaluationContextInternal

public org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(@Nullable Authentication auth,
 org.aopalliance.intercept.MethodInvocation mi)

Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.

Overrides:

createEvaluationContextInternal in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

Parameters:

auth - the current authentication object

mi - the invocation (filter, method, channel)

Returns:

A StandardEvaluationContext or potentially a custom subclass if overridden.

createEvaluationContext

public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication,
 org.aopalliance.intercept.MethodInvocation mi)

Description copied from interface: SecurityExpressionHandler

Provides an evaluation context in which to evaluate security expressions for the invocation type. You can override this method in order to provide a custom implementation that uses lazy initialization of the Authentication object. By default, this method uses eager initialization of the Authentication object.

Specified by:

createEvaluationContext in interface SecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

Parameters:

authentication - the Supplier of the Authentication to use

mi - the SecurityExpressionHandler to use

Returns:

the EvaluationContext to use

createSecurityExpressionRoot

protected MethodSecurityExpressionOperations createSecurityExpressionRoot(@Nullable Authentication authentication,
 org.aopalliance.intercept.MethodInvocation invocation)

Creates the root object for expression evaluation.

Specified by:

createSecurityExpressionRoot in class AbstractSecurityExpressionHandler<org.aopalliance.intercept.MethodInvocation>

Parameters:

authentication - the current authentication object

invocation - the invocation (filter, method, channel)

Returns:

the object

filter

public Object filter(@Nullable Object filterTarget,
 org.springframework.expression.Expression filterExpression,
 org.springframework.expression.EvaluationContext ctx)

Filters the filterTarget object (which must be either a Collection, Array, Map or Stream), by evaluating the supplied expression.

Returns new instances of the same type as the supplied filterTarget object

Specified by:

filter in interface MethodSecurityExpressionHandler

Parameters:

filterTarget - the array or collection to be filtered.

filterExpression - the expression which should be used as the filter condition. If it returns false on evaluation, the object will be removed from the returned collection

ctx - the current evaluation context (as created through a call to SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)

Returns:

The filtered Collection, Array, Map or Stream

setTrustResolver

@Deprecated(since="7.0")
public void setTrustResolver(AuthenticationTrustResolver trustResolver)

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.

Parameters:

trustResolver - the AuthenticationTrustResolver to use. Cannot be null.

getTrustResolver

@Deprecated(since="7.0")
protected AuthenticationTrustResolver getTrustResolver()

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Returns:

The current AuthenticationTrustResolver

setParameterNameDiscoverer

public void setParameterNameDiscoverer(org.springframework.core.ParameterNameDiscoverer parameterNameDiscoverer)

Sets the ParameterNameDiscoverer to use. The default is DefaultSecurityParameterNameDiscoverer.

Parameters:

parameterNameDiscoverer -

getParameterNameDiscoverer

protected org.springframework.core.ParameterNameDiscoverer getParameterNameDiscoverer()

Returns:

The current ParameterNameDiscoverer

setPermissionCacheOptimizer

public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer)

setReturnObject

public void setReturnObject(@Nullable Object returnObject,
 org.springframework.expression.EvaluationContext ctx)

Description copied from interface: MethodSecurityExpressionHandler

Used to inform the expression system of the return object for the given evaluation context. Only applies to method invocations.

Specified by:

setReturnObject in interface MethodSecurityExpressionHandler

Parameters:

returnObject - the return object value

ctx - the context within which the object should be set (as created through a call to SecurityExpressionHandler.createEvaluationContext(org.springframework.security.core.Authentication, Object)

setDefaultRolePrefix

@Deprecated(since="7.0")
public void setDefaultRolePrefix(@Nullable String defaultRolePrefix)

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

If null or empty, then no default role prefix is used.

Parameters:

defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".

getDefaultRolePrefix

@Deprecated(since="7.0")
protected String getDefaultRolePrefix()

Deprecated.

Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

Returns:

The default role prefix