Class DefaultHttpSecurityExpressionHandler
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,org.springframework.beans.factory.Aware
,org.springframework.context.ApplicationContextAware
,org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
public class DefaultHttpSecurityExpressionHandler
extends org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
implements org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
A
SecurityExpressionHandler
that uses a RequestAuthorizationContext
to
create a WebSecurityExpressionRoot
.- Since:
- 5.8
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.expression.EvaluationContext
createEvaluationContext
(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context) protected org.springframework.security.access.expression.SecurityExpressionOperations
createSecurityExpressionRoot
(org.springframework.security.core.Authentication authentication, RequestAuthorizationContext context) void
setDefaultRolePrefix
(String defaultRolePrefix) Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
.void
setTrustResolver
(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver) Sets theAuthenticationTrustResolver
to be used.Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
-
Constructor Details
-
DefaultHttpSecurityExpressionHandler
public DefaultHttpSecurityExpressionHandler()
-
-
Method Details
-
createEvaluationContext
public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context) - Specified by:
createEvaluationContext
in interfaceorg.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
-
createSecurityExpressionRoot
protected org.springframework.security.access.expression.SecurityExpressionOperations createSecurityExpressionRoot(org.springframework.security.core.Authentication authentication, RequestAuthorizationContext context) - Specified by:
createSecurityExpressionRoot
in classorg.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
-
setTrustResolver
public void setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver) Sets theAuthenticationTrustResolver
to be used. The default isAuthenticationTrustResolverImpl
.- Parameters:
trustResolver
- theAuthenticationTrustResolver
to use
-
setDefaultRolePrefix
Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).- Parameters:
defaultRolePrefix
- the default prefix to add to roles. The default is "ROLE_".
-