public
class
implements MethodSecurityExpressionHandler
DefaultMethodSecurityExpressionHandler
extends AbstractSecurityExpressionHandler<T>implements MethodSecurityExpressionHandler
| java.lang.Object | ||
| ↳ | org.springframework.security.access.expression.AbstractSecurityExpressionHandler<T> | |
| ↳ | org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler | |
Class Overview
The standard implementation of MethodSecurityExpressionHandler.
A single instance should usually be shared amongst the beans that require expression support.
Summary
| Fields | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| logger | |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
| |||||||||||
Filters the
filterTarget object (which must be either a collection or an array), by evaluating the
supplied expression. | |||||||||||
Used to inform the expression system of the return object for the given evaluation context.
| |||||||||||
| Protected Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Implement in order to create a root object of the correct type for the supported invocation type.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.access.expression.AbstractSecurityExpressionHandler
| |||||||||||
|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.context.ApplicationContextAware
| |||||||||||
|
From interface
org.springframework.security.access.expression.SecurityExpressionHandler
| |||||||||||
|
From interface
org.springframework.security.access.expression.method.MethodSecurityExpressionHandler
| |||||||||||
Fields
protected final Log logger
Public Constructors
public DefaultMethodSecurityExpressionHandler ()
Public Methods
public StandardEvaluationContext createEvaluationContextInternal (Authentication auth, MethodInvocation mi)
Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
Parameters
| auth | the current authentication object |
|---|---|
| mi | the invocation (filter, method, channel) |
Returns
- A
StandardEvaluationContextor potentially a custom subclass if overridden.
public Object filter (Object filterTarget, Expression filterExpression, EvaluationContext ctx)
Filters the filterTarget object (which must be either a collection or an array), by evaluating the
supplied expression.
If a Collection is used, the original instance will be modified to contain the elements for which
the permission expression evaluates to true. For an array, a new array instance will be returned.
Parameters
| filterTarget | the array or collection to be filtered. |
|---|---|
| filterExpression | the expression which should be used as the filter condition. If it returns false on evaluation, the object will be removed from the returned collection |
| ctx | the current evaluation context (as created through a call to
createEvaluationContext(org.springframework.security.core.Authentication, Object) |
Returns
- the filtered collection or array
public void setParameterNameDiscoverer (ParameterNameDiscoverer parameterNameDiscoverer)
public void setReturnObject (Object returnObject, EvaluationContext ctx)
Used to inform the expression system of the return object for the given evaluation context. Only applies to method invocations.
Parameters
| returnObject | the return object value |
|---|---|
| ctx | the context within which the object should be set (as created through a call to
createEvaluationContext(org.springframework.security.core.Authentication, Object)
|
Protected Methods
protected SecurityExpressionRoot createSecurityExpressionRoot (Authentication authentication, MethodInvocation invocation)
Implement in order to create a root object of the correct type for the supported invocation type.
Parameters
| authentication | the current authentication object |
|---|---|
| invocation | the invocation (filter, method, channel) |
Returns
- the object wh