Class WebExpressionAuthorizationManager
java.lang.Object
org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
- All Implemented Interfaces:
org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
public final class WebExpressionAuthorizationManager
extends Object
implements org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
An expression-based
AuthorizationManager
that determines the access by
evaluating the provided expression.- Since:
- 5.8
-
Constructor Summary
ConstructorDescriptionWebExpressionAuthorizationManager
(String expressionString) Creates an instance. -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.authorization.AuthorizationDecision
check
(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context) Determines the access by evaluating the provided expression.void
setExpressionHandler
(org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler) Sets theSecurityExpressionHandler
to be used.toString()
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify
-
Constructor Details
-
WebExpressionAuthorizationManager
Creates an instance.- Parameters:
expressionString
- the raw expression string to parse
-
-
Method Details
-
setExpressionHandler
public void setExpressionHandler(org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler) Sets theSecurityExpressionHandler
to be used. The default isDefaultHttpSecurityExpressionHandler
.- Parameters:
expressionHandler
- theSecurityExpressionHandler
to use
-
check
public org.springframework.security.authorization.AuthorizationDecision check(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context) Determines the access by evaluating the provided expression.- Specified by:
check
in interfaceorg.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
- Parameters:
authentication
- theSupplier
of theAuthentication
to checkcontext
- theRequestAuthorizationContext
to check- Returns:
- an
ExpressionAuthorizationDecision
based on the evaluated expression
-
toString
-