Package org.springframework.security.access.expression

Class SecurityExpressionRoot

java.lang.Object

org.springframework.security.access.expression.SecurityExpressionRoot

All Implemented Interfaces:

SecurityExpressionOperations

Direct Known Subclasses:

MessageSecurityExpressionRoot, WebSecurityExpressionRoot

public abstract class SecurityExpressionRoot
extends Object
implements SecurityExpressionOperations

Base root object for use in Spring Security expression evaluations.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field	Description
final String	admin
final String	create
final String	delete
final boolean	denyAll	Allows "denyAll" expression
final boolean	permitAll	Allows "permitAll" expression
final String	read
final String	write

Constructor Summary

Constructors

Constructor	Description
SecurityExpressionRoot(Supplier<Authentication> authentication)	Creates a new instance that uses lazy initialization of the Authentication object.
SecurityExpressionRoot(Authentication authentication)	Creates a new instance

Method Summary

Modifier and Type	Method	Description
final boolean	denyAll()	Always denies access
final Authentication	getAuthentication()	Gets the Authentication used for evaluating the expressions
Object	getPrincipal()	Convenience method to access Authentication.getPrincipal() from getAuthentication()
final boolean	hasAnyAuthority(String... authorities)	Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
final boolean	hasAnyRole(String... roles)	Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
final boolean	hasAuthority(String authority)	Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
boolean	hasPermission(Object target, Object permission)	Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
boolean	hasPermission(Object targetId, String targetType, Object permission)	Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
final boolean	hasRole(String role)	Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
final boolean	isAnonymous()	Determines if the SecurityExpressionOperations.getAuthentication() is anonymous
final boolean	isAuthenticated()	Determines ifthe SecurityExpressionOperations.getAuthentication() is authenticated
final boolean	isFullyAuthenticated()	Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me
final boolean	isRememberMe()	Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
final boolean	permitAll()	Always grants access.
void	setDefaultRolePrefix(String defaultRolePrefix)	Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String).
void	setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
void	setRoleHierarchy(RoleHierarchy roleHierarchy)
void	setTrustResolver(AuthenticationTrustResolver trustResolver)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

permitAll

public final boolean permitAll

Allows "permitAll" expression

See Also:

• Constant Field Values

denyAll

public final boolean denyAll

Allows "denyAll" expression

See Also:

• Constant Field Values

read

public final String read

See Also:

• Constant Field Values

write

public final String write

See Also:

• Constant Field Values

create

public final String create

See Also:

• Constant Field Values

delete

public final String delete

See Also:

• Constant Field Values

admin

public final String admin

See Also:

• Constant Field Values

Constructor Details

SecurityExpressionRoot

public SecurityExpressionRoot(Authentication authentication)

Creates a new instance

Parameters:

authentication - the Authentication to use. Cannot be null.

SecurityExpressionRoot

public SecurityExpressionRoot(Supplier<Authentication> authentication)

Creates a new instance that uses lazy initialization of the Authentication object.

Parameters:

authentication - the Supplier of the Authentication to use. Cannot be null.

Since:

5.8

Method Details

hasAuthority

public final boolean hasAuthority(String authority)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().

Specified by:

hasAuthority in interface SecurityExpressionOperations

Parameters:

authority - the authority to test (i.e. "ROLE_USER")

Returns:

true if the authority is found, else false

hasAnyAuthority

public final boolean hasAnyAuthority(String... authorities)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

Specified by:

hasAnyAuthority in interface SecurityExpressionOperations

Parameters:

authorities - the authorities to test (i.e. "ROLE_USER", "ROLE_ADMIN")

Returns:

true if any of the authorities is found, else false

hasRole

public final boolean hasRole(String role)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().

This is similar to SecurityExpressionOperations.hasAuthority(String) except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.

Specified by:

hasRole in interface SecurityExpressionOperations

Parameters:

role - the authority to test (i.e. "USER")

Returns:

true if the authority is found, else false

hasAnyRole

public final boolean hasAnyRole(String... roles)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

This is a similar to hasAnyAuthority except that this method implies that the String passed in is a role. For example, if "USER" is passed in the implementation may convert it to use "ROLE_USER" instead. The way in which the role is converted may depend on the implementation settings.

Specified by:

hasAnyRole in interface SecurityExpressionOperations

Parameters:

roles - the authorities to test (i.e. "USER", "ADMIN")

Returns:

true if any of the authorities is found, else false

getAuthentication

public final Authentication getAuthentication()

Description copied from interface: SecurityExpressionOperations

Gets the Authentication used for evaluating the expressions

Specified by:

getAuthentication in interface SecurityExpressionOperations

Returns:

the Authentication for evaluating the expressions

permitAll

public final boolean permitAll()

Description copied from interface: SecurityExpressionOperations

Always grants access.

Specified by:

permitAll in interface SecurityExpressionOperations

Returns:

true

denyAll

public final boolean denyAll()

Description copied from interface: SecurityExpressionOperations

Always denies access

Specified by:

denyAll in interface SecurityExpressionOperations

Returns:

false

isAnonymous

public final boolean isAnonymous()

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() is anonymous

Specified by:

isAnonymous in interface SecurityExpressionOperations

Returns:

true if the user is anonymous, else false

isAuthenticated

public final boolean isAuthenticated()

Description copied from interface: SecurityExpressionOperations

Determines ifthe SecurityExpressionOperations.getAuthentication() is authenticated

Specified by:

isAuthenticated in interface SecurityExpressionOperations

Returns:

true if the SecurityExpressionOperations.getAuthentication() is authenticated, else false

isRememberMe

public final boolean isRememberMe()

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me

Specified by:

isRememberMe in interface SecurityExpressionOperations

Returns:

true if the SecurityExpressionOperations.getAuthentication() authenticated using remember me, else false

isFullyAuthenticated

public final boolean isFullyAuthenticated()

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me

Specified by:

isFullyAuthenticated in interface SecurityExpressionOperations

Returns:

true if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me, else false

getPrincipal

public Object getPrincipal()

Convenience method to access Authentication.getPrincipal() from getAuthentication()

Returns:

setTrustResolver

public void setTrustResolver(AuthenticationTrustResolver trustResolver)

setRoleHierarchy

public void setRoleHierarchy(RoleHierarchy roleHierarchy)

setDefaultRolePrefix

public void setDefaultRolePrefix(String defaultRolePrefix)

Sets the default prefix to be added to hasAnyRole(String...) or hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

If null or empty, then no default role prefix is used.

Parameters:

defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".

hasPermission

public boolean hasPermission(Object target,
 Object permission)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission

Specified by:

hasPermission in interface SecurityExpressionOperations

Parameters:

target - the target domain object to check permission on

permission - the permission to check on the domain object (i.e. "read", "write", etc).

Returns:

true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false

hasPermission

public boolean hasPermission(Object targetId,
 String targetType,
 Object permission)

Description copied from interface: SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.

Specified by:

hasPermission in interface SecurityExpressionOperations

Parameters:

targetId - the identifier of the domain object to determine access

targetType - the type (i.e. com.example.domain.Message)

permission - the perission to check on the domain object (i.e. "read", "write", etc)

Returns:

true if permission is granted to the SecurityExpressionOperations.getAuthentication(), else false

setPermissionEvaluator

public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)