Class SecurityExpressionRoot<T extends @Nullable Object>
- All Implemented Interfaces: SecurityExpressionOperations
- Direct Known Subclasses: MessageSecurityExpressionRoot, WebSecurityExpressionRoot
- Since: 3.0
-
Field Summary
Fields: permitAll, denyAll, read, write, create, delete, admin
-
Constructor Summary
Constructors
- SecurityExpressionRoot(@Nullable Authentication authentication): Deprecated.
- SecurityExpressionRoot(Supplier<? extends @Nullable Authentication> authentication, T object): Creates a new instance that uses lazy initialization of the Authentication object.
- SecurityExpressionRoot(Supplier<@Nullable Authentication> authentication): Deprecated. Use SecurityExpressionRoot(Supplier, Object) instead.
-
Method Summary
Modifier and Type, Method, Description
- final boolean denyAll(): Always denies access.
- final Authentication getAuthentication(): Gets the Authentication used for evaluating the expressions.
- @Nullable Object getPrincipal(): Convenience method to access Authentication.getPrincipal() from getAuthentication().
- final boolean hasAnyAuthority(String... authorities): Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- final boolean hasAnyRole(String... roles): Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- final boolean hasAuthority(String authority): Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- boolean hasPermission(Object target, Object permission): Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission.
- boolean hasPermission(Object targetId, String targetType, Object permission): Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
- final boolean hasRole(String role): Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- final boolean isAnonymous(): Determines if the SecurityExpressionOperations.getAuthentication() is anonymous.
- final boolean isAuthenticated(): Determines if the SecurityExpressionOperations.getAuthentication() is authenticated.
- final boolean isFullyAuthenticated(): Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me.
- final boolean isRememberMe(): Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me.
- final boolean permitAll(): Always grants access.
- void setAuthorizationManagerFactory(AuthorizationManagerFactory<T> authorizationManagerFactory): Sets the AuthorizationManagerFactory to use for creating instances of AuthorizationManager.
- void setDefaultRolePrefix(@Nullable String defaultRolePrefix): Deprecated.
- void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
- void setRoleHierarchy(@Nullable RoleHierarchy roleHierarchy): Deprecated.
- void setTrustResolver(AuthenticationTrustResolver trustResolver): Deprecated.
-
Field Details
-
permitAll
public final boolean permitAll
Allows "permitAll" expression
- See Also:
-
denyAll
public final boolean denyAll
Allows "denyAll" expression
- See Also:
-
read
- See Also:
-
write
- See Also:
-
create
- See Also:
-
delete
- See Also:
-
admin
- See Also:
-
-
Constructor Details
-
SecurityExpressionRoot
Deprecated. Use SecurityExpressionRoot(Supplier, Object) instead
Creates a new instance
- Parameters:
authentication - the Authentication to use. Cannot be null.
-
SecurityExpressionRoot
@Deprecated(since="7.0") public SecurityExpressionRoot(Supplier<@Nullable Authentication> authentication)
Deprecated. Use SecurityExpressionRoot(Supplier, Object) instead
Creates a new instance that uses lazy initialization of the Authentication object.
- Parameters:
authentication - the Supplier of the Authentication to use. Cannot be null.
- Since: 5.8
-
SecurityExpressionRoot
public SecurityExpressionRoot(Supplier<? extends @Nullable Authentication> authentication, T object)
Creates a new instance that uses lazy initialization of the Authentication object.
- Parameters:
authentication - the Supplier of the Authentication to use. Cannot be null.
object - the object being authorized
- Since: 7.0
-
-
Method Details
-
hasAuthority
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
- Specified by: hasAuthority in interface SecurityExpressionOperations
- Parameters:
authority - the authority to test (i.e. "ROLE_USER")
- Returns: true if the authority is found, else false
-
hasAnyAuthority
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
- Specified by: hasAnyAuthority in interface SecurityExpressionOperations
- Parameters:
authorities - the authorities to test (i.e. "ROLE_USER", "ROLE_ADMIN")
- Returns: true if any of the authorities is found, else false
-
hasRole
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
This is similar to SecurityExpressionOperations.hasAuthority(String) except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
- Specified by: hasRole in interface SecurityExpressionOperations
- Parameters:
role - the authority to test (i.e. "USER")
- Returns: true if the authority is found, else false
-
hasAnyRole
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
This is similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.
- Specified by: hasAnyRole in interface SecurityExpressionOperations
- Parameters:
roles - the authorities to test (i.e. "USER", "ADMIN")
- Returns: true if any of the authorities is found, else false
-
getAuthentication
Description copied from interface: SecurityExpressionOperations
Gets the Authentication used for evaluating the expressions
- Specified by: getAuthentication in interface SecurityExpressionOperations
- Returns: the Authentication for evaluating the expressions
-
permitAll
public final boolean permitAll()
Description copied from interface: SecurityExpressionOperations
Always grants access.
- Specified by: permitAll in interface SecurityExpressionOperations
- Returns: true
-
denyAll
public final boolean denyAll()
Description copied from interface: SecurityExpressionOperations
Always denies access
- Specified by: denyAll in interface SecurityExpressionOperations
- Returns: false
-
isAnonymous
public final boolean isAnonymous()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
- Specified by: isAnonymous in interface SecurityExpressionOperations
- Returns: true if the user is anonymous, else false
-
isAuthenticated
public final boolean isAuthenticated()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() is authenticated
- Specified by: isAuthenticated in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() is authenticated, else false
-
isRememberMe
public final boolean isRememberMe()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
- Specified by: isRememberMe in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() authenticated using remember me, else false
-
isFullyAuthenticated
public final boolean isFullyAuthenticated()
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me
- Specified by: isFullyAuthenticated in interface SecurityExpressionOperations
- Returns: true if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me, else false
-
getPrincipal
Convenience method to access Authentication.getPrincipal() from getAuthentication()
- Returns:
-
setTrustResolver
Deprecated.
-
setRoleHierarchy
Deprecated.
-
setDefaultRolePrefix
Deprecated.
Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
If null or empty, then no default role prefix is used.
- Parameters:
defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".
-
setAuthorizationManagerFactory
public void setAuthorizationManagerFactory(AuthorizationManagerFactory<T> authorizationManagerFactory)
Sets the AuthorizationManagerFactory to use for creating instances of AuthorizationManager.
- Parameters:
authorizationManagerFactory - the AuthorizationManagerFactory to use
- Since: 7.0
-
hasPermission
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
- Specified by: hasPermission in interface SecurityExpressionOperations
- Parameters:
target - the target domain object to check permission on
permission - the permission to check on the domain object (i.e. "read", "write", etc.).
- Returns: true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false
-
hasPermission
Description copied from interface: SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
- Specified by: hasPermission in interface SecurityExpressionOperations
- Parameters:
targetId - the identifier of the domain object to determine access
targetType - the type (i.e. com.example.domain.Message)
permission - the permission to check on the domain object (i.e. "read", "write", etc.)
- Returns: true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false
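The role-prefix behaviour described under hasRole and setDefaultRolePrefix, and the hasPermission delegation configured through setPermissionEvaluator, exercised together in an added example that is not part of the Spring Security Javadoc. ExpressionRootDemo, Report and OwnerPermissionEvaluator are hypothetical names, the sample principal is constructed, and the code assumes Spring Security 7.0 on the classpath because it uses the constructor marked "Since: 7.0"; in an application the framework creates the expression root rather than user code.

```java
import java.io.Serializable;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class ExpressionRootDemo {
    // Constructed domain type for this example.
    record Report(String owner) {}

    // Hypothetical fail-closed evaluator: only the owner may "read" a Report.
    static class OwnerPermissionEvaluator implements PermissionEvaluator {
        @Override
        public boolean hasPermission(Authentication auth, Object target, Object permission) {
            return target instanceof Report r && "read".equals(permission)
                    && r.owner().equals(auth.getName());
        }

        @Override
        public boolean hasPermission(Authentication auth, Serializable targetId,
                String targetType, Object permission) {
            return false; // id-based checks are not implemented here, so deny
        }
    }

    public static void main(String[] args) {
        // Constructed sample principal holding one role and one non-role authority.
        Authentication alice = UsernamePasswordAuthenticationToken.authenticated("alice", "n/a",
                AuthorityUtils.createAuthorityList("ROLE_USER", "report:read"));
        Report report = new Report("alice");

        // Empty anonymous subclass: the demo only needs the inherited operations.
        SecurityExpressionRoot<Report> root =
                new SecurityExpressionRoot<Report>(() -> alice, report) {};
        root.setPermissionEvaluator(new OwnerPermissionEvaluator());

        // hasRole("USER") tests for ROLE_USER; hasAuthority compares the string as given.
        System.out.println("hasRole(USER)             = " + root.hasRole("USER"));
        System.out.println("hasAuthority(USER)        = " + root.hasAuthority("USER"));
        System.out.println("hasAuthority(ROLE_USER)   = " + root.hasAuthority("ROLE_USER"));
        // hasRole on an unprefixed authority tests for ROLE_report:read instead.
        System.out.println("hasRole(report:read)      = " + root.hasRole("report:read"));
        System.out.println("hasAuthority(report:read) = " + root.hasAuthority("report:read"));
        // Both calls are answered by the PermissionEvaluator set above.
        System.out.println("hasPermission(read)       = " + root.hasPermission(report, "read"));
        System.out.println("hasPermission(write)      = " + root.hasPermission(report, "write"));
    }
}
```

When reviewing access rules, check that every authority passed to hasRole or hasAnyRole is actually issued with the role prefix; fine-grained authorities such as "report:read" belong in hasAuthority.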
-
setPermissionEvaluator