Class DefaultHttpSecurityExpressionHandler
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean,org.springframework.beans.factory.Aware,org.springframework.context.ApplicationContextAware,org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
public class DefaultHttpSecurityExpressionHandler
extends org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
implements org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
A
SecurityExpressionHandler that uses a RequestAuthorizationContext to
create a WebSecurityExpressionRoot.- Since:
- 5.8
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.expression.EvaluationContextcreateEvaluationContext(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context) protected org.springframework.security.access.expression.SecurityExpressionOperationscreateSecurityExpressionRoot(org.springframework.security.core.Authentication authentication, RequestAuthorizationContext context) voidsetDefaultRolePrefix(String defaultRolePrefix) Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)orSecurityExpressionRoot.hasRole(String).voidsetTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver) Sets theAuthenticationTrustResolverto be used.Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
createEvaluationContext, createEvaluationContextInternal, getBeanResolver, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchyMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler
createEvaluationContext, getExpressionParser
-
Constructor Details
-
DefaultHttpSecurityExpressionHandler
public DefaultHttpSecurityExpressionHandler()
-
-
Method Details
-
createEvaluationContext
public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context) - Specified by:
createEvaluationContextin interfaceorg.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
-
createSecurityExpressionRoot
protected org.springframework.security.access.expression.SecurityExpressionOperations createSecurityExpressionRoot(org.springframework.security.core.Authentication authentication, RequestAuthorizationContext context) - Specified by:
createSecurityExpressionRootin classorg.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
-
setTrustResolver
public void setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver) Sets theAuthenticationTrustResolverto be used. The default isAuthenticationTrustResolverImpl.- Parameters:
trustResolver- theAuthenticationTrustResolverto use
-
setDefaultRolePrefix
Sets the default prefix to be added toSecurityExpressionRoot.hasAnyRole(String...)orSecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).- Parameters:
defaultRolePrefix- the default prefix to add to roles. The default is "ROLE_".
-