Package org.springframework.security.access.expression

Class AbstractSecurityExpressionHandler<T>

java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<T>
All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, SecurityExpressionHandler<T>
Direct Known Subclasses:
DefaultHttpSecurityExpressionHandler, DefaultMessageSecurityExpressionHandler, DefaultMethodSecurityExpressionHandler, DefaultWebSecurityExpressionHandler
public abstract class AbstractSecurityExpressionHandler<T> extends Object implements SecurityExpressionHandler<T>, org.springframework.context.ApplicationContextAware
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
Since:
3.1

  • Constructor Details

    • AbstractSecurityExpressionHandler

      public AbstractSecurityExpressionHandler()

  • Method Details

    • getExpressionParser

      public final org.springframework.expression.ExpressionParser getExpressionParser()
      Specified by:
      getExpressionParser in interface SecurityExpressionHandler<T>
      Returns:
      an expression parser for the expressions used by the implementation.

    • setExpressionParser

      public final void setExpressionParser(org.springframework.expression.ExpressionParser expressionParser)

    • createEvaluationContext

      public final org.springframework.expression.EvaluationContext createEvaluationContext(@Nullable Authentication authentication, T invocation)
      Invokes the internal template methods to create StandardEvaluationContext and SecurityExpressionRoot objects.
      Specified by:
      createEvaluationContext in interface SecurityExpressionHandler<T>
      Parameters:
      authentication - the current authentication object
      invocation - the invocation (filter, method, channel)
      Returns:
      the context object for use in evaluating the expression, populated with a suitable root object.

    • createEvaluationContextInternal

      protected org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(@Nullable Authentication authentication, T invocation)
      Override to create a custom instance of StandardEvaluationContext.

      The returned object will have a SecurityExpressionRootPropertyAccessor added, allowing beans in the ApplicationContext to be accessed via expression properties.

      Parameters:
      authentication - the current authentication object
      invocation - the invocation (filter, method, channel)
      Returns:
      A StandardEvaluationContext or potentially a custom subclass if overridden.

    • createSecurityExpressionRoot

      protected abstract SecurityExpressionOperations createSecurityExpressionRoot(@Nullable Authentication authentication, T invocation)
      Implement in order to create a root object of the correct type for the supported invocation type.
      Parameters:
      authentication - the current authentication object
      invocation - the invocation (filter, method, channel)
      Returns:
      the object

    • setAuthorizationManagerFactory

      public final void setAuthorizationManagerFactory(AuthorizationManagerFactory<T> authorizationManagerFactory)
      Sets the AuthorizationManagerFactory to be used. The default is DefaultAuthorizationManagerFactory.
      Parameters:
      authorizationManagerFactory - the AuthorizationManagerFactory to use. Cannot be null.
      Since:
      7.0

    • getAuthorizationManagerFactory

      protected final AuthorizationManagerFactory<T> getAuthorizationManagerFactory()

    • getDefaultAuthorizationManagerFactory

      @Deprecated(since="7.0") protected final DefaultAuthorizationManagerFactory<T> getDefaultAuthorizationManagerFactory()
      Deprecated.
      Use setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
      Allows accessing the DefaultAuthorizationManagerFactory for getting and setting defaults. This method will be removed in Spring Security 8.
      Returns:
      the DefaultAuthorizationManagerFactory
      Throws:
      IllegalStateException - if a different AuthorizationManagerFactory was already set

    • getRoleHierarchy

      @Deprecated(since="7.0") protected @Nullable RoleHierarchy getRoleHierarchy()
      Deprecated.
      Use getDefaultAuthorizationManagerFactory() instead

    • setRoleHierarchy

      @Deprecated(since="7.0") public void setRoleHierarchy(@Nullable RoleHierarchy roleHierarchy)
      Deprecated.
      Use setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

    • getPermissionEvaluator

      protected PermissionEvaluator getPermissionEvaluator()

    • setPermissionEvaluator

      public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)

    • getBeanResolver

      protected @Nullable org.springframework.expression.BeanResolver getBeanResolver()

    • setApplicationContext

      public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
      Specified by:
      setApplicationContext in interface org.springframework.context.ApplicationContextAware