WebExpressionAuthorizationManager (spring-security-docs 6.1.11 API)

java.lang.Object

org.springframework.security.web.access.expression.WebExpressionAuthorizationManager

All Implemented Interfaces:: AuthorizationManager<RequestAuthorizationContext>

public final class WebExpressionAuthorizationManager extends Object implements AuthorizationManager<RequestAuthorizationContext>

An expression-based AuthorizationManager that determines the access by evaluating the provided expression.

Since:: 5.8

Constructor Summary

Constructors

Constructor

Description

WebExpressionAuthorizationManager(String expressionString)

Creates an instance.
Method Summary

Modifier and Type

Method

Description

AuthorizationDecision

check(Supplier<Authentication> authentication, RequestAuthorizationContext context)

Determines the access by evaluating the provided expression.

void

setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)

Sets the SecurityExpressionHandler to be used.

String

toString()

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager
verify

Constructor Details
- WebExpressionAuthorizationManager
  
  public WebExpressionAuthorizationManager(String expressionString)
  
  Creates an instance.
  
  Parameters:
  
  expressionString - the raw expression string to parse
Method Details
- setExpressionHandler
  
  public void setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext> expressionHandler)
  
  Sets the SecurityExpressionHandler to be used. The default is DefaultHttpSecurityExpressionHandler.
  
  Parameters:
  
  expressionHandler - the SecurityExpressionHandler to use
- check
  
  public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context)
  
  Determines the access by evaluating the provided expression.
  
  Specified by:
  
  check in interface AuthorizationManager<RequestAuthorizationContext>
  
  Parameters:
  
  authentication - the Supplier of the Authentication to check
  
  context - the RequestAuthorizationContext to check
  
  Returns:
  
  an ExpressionAuthorizationDecision based on the evaluated expression
- toString
  
  public String toString()
  
  Overrides:
  
  toString in class Object