Class AuthorizationManagerWebInvocationPrivilegeEvaluator
java.lang.Object
org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- All Implemented Interfaces:
org.springframework.beans.factory.Aware
,WebInvocationPrivilegeEvaluator
,org.springframework.web.context.ServletContextAware
public final class AuthorizationManagerWebInvocationPrivilegeEvaluator
extends Object
implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
An implementation of
WebInvocationPrivilegeEvaluator
which delegates the checks
to an instance of AuthorizationManager
- Since:
- 5.5.5
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic interface
Used to transform theHttpServletRequest
prior to passing it into theAuthorizationManager
. -
Constructor Summary
ConstructorDescriptionAuthorizationManagerWebInvocationPrivilegeEvaluator
(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager) -
Method Summary
Modifier and TypeMethodDescriptionboolean
isAllowed
(String contextPath, String uri, String method, Authentication authentication) Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .boolean
isAllowed
(String uri, Authentication authentication) Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.void
setRequestTransformer
(AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer requestTransformer) Set aAuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
to be used prior to passing to theAuthorizationManager
.void
setServletContext
(jakarta.servlet.ServletContext servletContext)
-
Constructor Details
-
AuthorizationManagerWebInvocationPrivilegeEvaluator
public AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager)
-
-
Method Details
-
isAllowed
Description copied from interface:WebInvocationPrivilegeEvaluator
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.- Specified by:
isAllowed
in interfaceWebInvocationPrivilegeEvaluator
- Parameters:
uri
- the URI excluding the context path (a default context path setting will be used)
-
isAllowed
public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) Description copied from interface:WebInvocationPrivilegeEvaluator
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .Note the default implementation of FilterInvocationSecurityMetadataSource disregards the
contextPath
when evaluating which secure object metadata applies to a given request URI, so generally thecontextPath
is unimportant unless you are using a customFilterInvocationSecurityMetadataSource
.- Specified by:
isAllowed
in interfaceWebInvocationPrivilegeEvaluator
- Parameters:
contextPath
- the context path (may be null).uri
- the URI excluding the context pathmethod
- the HTTP method (or null, for any method)authentication
- the Authentication instance whose authorities should be used in evaluation whether access should be granted.- Returns:
- true if access is allowed, false if denied
-
setServletContext
public void setServletContext(jakarta.servlet.ServletContext servletContext) - Specified by:
setServletContext
in interfaceorg.springframework.web.context.ServletContextAware
-
setRequestTransformer
public void setRequestTransformer(AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer requestTransformer) Set aAuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
to be used prior to passing to theAuthorizationManager
.- Parameters:
requestTransformer
- theAuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
to use.
-