Package org.springframework.security.web.access.expression

Class WebExpressionAuthorizationManager

  • All Implemented Interfaces:
    org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
    public final class WebExpressionAuthorizationManager
extends java.lang.Object
implements org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
    An expression-based AuthorizationManager that determines the access by evaluating the provided expression.
    Since:
    5.8

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.springframework.security.authorization.AuthorizationDecision check​(java.util.function.Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context)
      Determines the access by evaluating the provided expression.
      void setExpressionHandler​(org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
      Sets the SecurityExpressionHandler to be used.
      java.lang.String toString()  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

      • Methods inherited from interface org.springframework.security.authorization.AuthorizationManager

        verify

    • Constructor Detail

      • WebExpressionAuthorizationManager

        public WebExpressionAuthorizationManager​(java.lang.String expressionString)
        Creates an instance.
        Parameters:
        expressionString - the raw expression string to parse

    • Method Detail

      • setExpressionHandler

        public void setExpressionHandler​(org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
        Sets the SecurityExpressionHandler to be used. The default is DefaultHttpSecurityExpressionHandler.
        Parameters:
        expressionHandler - the SecurityExpressionHandler to use

      • check

        public org.springframework.security.authorization.AuthorizationDecision check​(java.util.function.Supplier<org.springframework.security.core.Authentication> authentication,
                                                                              RequestAuthorizationContext context)
        Determines the access by evaluating the provided expression.
        Specified by:
        check in interface org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
        Parameters:
        authentication - the Supplier of the Authentication to check
        context - the RequestAuthorizationContext to check
        Returns:
        an ExpressionAuthorizationDecision based on the evaluated expression

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object