public interface

WebInvocationPrivilegeEvaluator

org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
Known Indirect Subclasses

Class Overview

Allows users to determine whether they have privileges for a given web URI.

Summary

Public Methods
abstract boolean isAllowed(String contextPath, String uri, String method, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
abstract boolean isAllowed(String uri, Authentication authentication)
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

Public Methods

public abstract boolean isAllowed (String contextPath, String uri, String method, Authentication authentication)

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

Parameters
contextPath the context path (may be null).
uri the URI excluding the context path
method the HTTP method (or null, for any method)
authentication the Authentication instance whose authorities should be used in evaluation whether access should be granted.
Returns
  • true if access is allowed, false if denied

public abstract boolean isAllowed (String uri, Authentication authentication)

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

Parameters
uri the URI excluding the context path (a default context path setting will be used)