Class AbstractSecurityExpressionHandler<T>
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<T>
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,SecurityExpressionHandler<T>
- Direct Known Subclasses:
DefaultHttpSecurityExpressionHandler
,DefaultMessageSecurityExpressionHandler
,DefaultMethodSecurityExpressionHandler
,DefaultWebSecurityExpressionHandler
public abstract class AbstractSecurityExpressionHandler<T>
extends Object
implements SecurityExpressionHandler<T>, org.springframework.context.ApplicationContextAware
Base implementation of the facade which isolates Spring Security's requirements for
evaluating security expressions from the implementation of the underlying expression
objects.
- Since:
- 3.1
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionfinal org.springframework.expression.EvaluationContext
createEvaluationContext
(@Nullable Authentication authentication, T invocation) Invokes the internal template methods to createStandardEvaluationContext
andSecurityExpressionRoot
objects.protected org.springframework.expression.spel.support.StandardEvaluationContext
createEvaluationContextInternal
(@Nullable Authentication authentication, T invocation) Override to create a custom instance ofStandardEvaluationContext
.protected abstract SecurityExpressionOperations
createSecurityExpressionRoot
(@Nullable Authentication authentication, T invocation) Implement in order to create a root object of the correct type for the supported invocation type.protected final AuthorizationManagerFactory<T>
protected @Nullable org.springframework.expression.BeanResolver
protected final DefaultAuthorizationManagerFactory<T>
Deprecated.final org.springframework.expression.ExpressionParser
protected PermissionEvaluator
protected @Nullable RoleHierarchy
Deprecated.UsegetDefaultAuthorizationManagerFactory()
insteadvoid
setApplicationContext
(org.springframework.context.ApplicationContext applicationContext) final void
setAuthorizationManagerFactory
(AuthorizationManagerFactory<T> authorizationManagerFactory) Sets theAuthorizationManagerFactory
to be used.final void
setExpressionParser
(org.springframework.expression.ExpressionParser expressionParser) void
setPermissionEvaluator
(PermissionEvaluator permissionEvaluator) void
setRoleHierarchy
(@Nullable RoleHierarchy roleHierarchy) Deprecated.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext
-
Constructor Details
-
AbstractSecurityExpressionHandler
public AbstractSecurityExpressionHandler()
-
-
Method Details
-
getExpressionParser
public final org.springframework.expression.ExpressionParser getExpressionParser()- Specified by:
getExpressionParser
in interfaceSecurityExpressionHandler<T>
- Returns:
- an expression parser for the expressions used by the implementation.
-
setExpressionParser
public final void setExpressionParser(org.springframework.expression.ExpressionParser expressionParser) -
createEvaluationContext
public final org.springframework.expression.EvaluationContext createEvaluationContext(@Nullable Authentication authentication, T invocation) Invokes the internal template methods to createStandardEvaluationContext
andSecurityExpressionRoot
objects.- Specified by:
createEvaluationContext
in interfaceSecurityExpressionHandler<T>
- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- the context object for use in evaluating the expression, populated with a suitable root object.
-
createEvaluationContextInternal
protected org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(@Nullable Authentication authentication, T invocation) Override to create a custom instance ofStandardEvaluationContext
.The returned object will have a
SecurityExpressionRootPropertyAccessor
added, allowing beans in theApplicationContext
to be accessed via expression properties.- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- A
StandardEvaluationContext
or potentially a custom subclass if overridden.
-
createSecurityExpressionRoot
protected abstract SecurityExpressionOperations createSecurityExpressionRoot(@Nullable Authentication authentication, T invocation) Implement in order to create a root object of the correct type for the supported invocation type.- Parameters:
authentication
- the current authentication objectinvocation
- the invocation (filter, method, channel)- Returns:
- the object
-
setAuthorizationManagerFactory
public final void setAuthorizationManagerFactory(AuthorizationManagerFactory<T> authorizationManagerFactory) Sets theAuthorizationManagerFactory
to be used. The default isDefaultAuthorizationManagerFactory
.- Parameters:
authorizationManagerFactory
- theAuthorizationManagerFactory
to use. Cannot be null.- Since:
- 7.0
-
getAuthorizationManagerFactory
-
getDefaultAuthorizationManagerFactory
@Deprecated(since="7.0") protected final DefaultAuthorizationManagerFactory<T> getDefaultAuthorizationManagerFactory()Deprecated.Allows accessing theDefaultAuthorizationManagerFactory
for getting and setting defaults. This method will be removed in Spring Security 8.- Returns:
- the
DefaultAuthorizationManagerFactory
- Throws:
IllegalStateException
- if a differentAuthorizationManagerFactory
was already set
-
getRoleHierarchy
Deprecated.UsegetDefaultAuthorizationManagerFactory()
instead -
setRoleHierarchy
Deprecated. -
getPermissionEvaluator
-
setPermissionEvaluator
-
getBeanResolver
protected @Nullable org.springframework.expression.BeanResolver getBeanResolver() -
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext) - Specified by:
setApplicationContext
in interfaceorg.springframework.context.ApplicationContextAware
-
setAuthorizationManagerFactory(AuthorizationManagerFactory)
instead