public
class
implements WebInvocationPrivilegeEvaluator
DefaultWebInvocationPrivilegeEvaluator
extends Objectimplements WebInvocationPrivilegeEvaluator
| java.lang.Object | |
| ↳ | org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator |
Class Overview
Allows users to determine whether they have privileges for a given web URI.
Summary
| Fields | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| logger | |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Determines whether the user represented by the supplied Authentication object is
allowed to invoke the supplied URI, with the given .
| |||||||||||
Determines whether the user represented by the supplied Authentication object is
allowed to invoke the supplied URI.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
| |||||||||||
Fields
protected static final Log logger
Public Constructors
Public Methods
public boolean isAllowed (String contextPath, String uri, String method, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
Note the default implementation of FilterInvocationSecurityMetadataSource disregards the
contextPath when evaluating which secure object metadata applies to a given
request URI, so generally the contextPath is unimportant unless you
are using a custom FilterInvocationSecurityMetadataSource.
Parameters
| contextPath | the context path (may be null, in which case a default value will be used). |
|---|---|
| uri | the URI excluding the context path |
| method | the HTTP method (or null, for any method) |
| authentication | the Authentication instance whose authorities should be used in evaluation whether access should be granted. |
Returns
- true if access is allowed, false if denied
public boolean isAllowed (String uri, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
Parameters
| uri | the URI excluding the context path (a default context path setting will be used) |
|---|