Package org.springframework.security.web.access.expression

Class WebExpressionAuthorizationManager

java.lang.Object
org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
All Implemented Interfaces:
org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
public final class WebExpressionAuthorizationManager extends Object implements org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
An expression-based AuthorizationManager that determines the access by evaluating the provided expression.
Since:
5.8

  • Constructor Details

    • WebExpressionAuthorizationManager

      public WebExpressionAuthorizationManager(String expressionString)
      Creates an instance.
      Parameters:
      expressionString - the raw expression string to parse

  • Method Details

    • setExpressionHandler

      public void setExpressionHandler(org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
      Sets the SecurityExpressionHandler to be used. The default is DefaultHttpSecurityExpressionHandler.
      Parameters:
      expressionHandler - the SecurityExpressionHandler to use

    • check

      public org.springframework.security.authorization.AuthorizationDecision check(Supplier<org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context)
      Determines the access by evaluating the provided expression.
      Specified by:
      check in interface org.springframework.security.authorization.AuthorizationManager<RequestAuthorizationContext>
      Parameters:
      authentication - the Supplier of the Authentication to check
      context - the RequestAuthorizationContext to check
      Returns:
      an ExpressionAuthorizationDecision based on the evaluated expression

    • toString

      public String toString()
      Overrides:
      toString in class Object