Class Jsr250AuthorizationManager
java.lang.Object
org.springframework.security.authorization.method.Jsr250AuthorizationManager
- All Implemented Interfaces:
AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
public final class Jsr250AuthorizationManager
extends Object
implements AuthorizationManager<org.aopalliance.intercept.MethodInvocation>
An
AuthorizationManager which can determine if an Authentication may
invoke the MethodInvocation by evaluating if the Authentication
contains a specified authority from the JSR-250 security annotations.- Since:
- 5.6
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncheck(Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation) Determine if anAuthenticationhas access to a method by evaluating theDenyAll,PermitAll, andRolesAllowedannotations thatMethodInvocationspecifies.voidsetRolePrefix(String rolePrefix) Sets the role prefix.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify
-
Constructor Details
-
Jsr250AuthorizationManager
public Jsr250AuthorizationManager()
-
-
Method Details
-
setRolePrefix
Sets the role prefix. Defaults to "ROLE_".- Parameters:
rolePrefix- the role prefix to use
-
check
public AuthorizationDecision check(Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation methodInvocation) Determine if anAuthenticationhas access to a method by evaluating theDenyAll,PermitAll, andRolesAllowedannotations thatMethodInvocationspecifies.- Specified by:
checkin interfaceAuthorizationManager<org.aopalliance.intercept.MethodInvocation>- Parameters:
authentication- theSupplierof theAuthenticationto checkmethodInvocation- theMethodInvocationto check- Returns:
- an
AuthorizationDecisionor null if the JSR-250 security annotations is not present
-