Package org.springframework.security.web.access

Class AuthorizationManagerWebInvocationPrivilegeEvaluator

java.lang.Object
org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
All Implemented Interfaces:
org.springframework.beans.factory.Aware, WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
public final class AuthorizationManagerWebInvocationPrivilegeEvaluator extends Object implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
An implementation of WebInvocationPrivilegeEvaluator which delegates the checks to an instance of AuthorizationManager
Since:
5.5.5

  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthorizationManagerWebInvocationPrivilegeEvaluator(org.springframework.security.authorization.AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    isAllowed(String contextPath, String uri, String method, org.springframework.security.core.Authentication authentication)
    Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
    boolean
    isAllowed(String uri, org.springframework.security.core.Authentication authentication)
    Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
    void
    setServletContext(jakarta.servlet.ServletContext servletContext)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • AuthorizationManagerWebInvocationPrivilegeEvaluator

      public AuthorizationManagerWebInvocationPrivilegeEvaluator(org.springframework.security.authorization.AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager)

  • Method Details

    • isAllowed

      public boolean isAllowed(String uri, org.springframework.security.core.Authentication authentication)
      Description copied from interface: WebInvocationPrivilegeEvaluator
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
      Specified by:
      isAllowed in interface WebInvocationPrivilegeEvaluator
      Parameters:
      uri - the URI excluding the context path (a default context path setting will be used)

    • isAllowed

      public boolean isAllowed(String contextPath, String uri, String method, org.springframework.security.core.Authentication authentication)
      Description copied from interface: WebInvocationPrivilegeEvaluator
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

      Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

      Specified by:
      isAllowed in interface WebInvocationPrivilegeEvaluator
      Parameters:
      contextPath - the context path (may be null).
      uri - the URI excluding the context path
      method - the HTTP method (or null, for any method)
      authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
      Returns:
      true if access is allowed, false if denied

    • setServletContext

      public void setServletContext(jakarta.servlet.ServletContext servletContext)
      Specified by:
      setServletContext in interface org.springframework.web.context.ServletContextAware