Package org.springframework.security.web.access.expression

Class DefaultWebSecurityExpressionHandler

java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation>
org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation>
public class DefaultWebSecurityExpressionHandler extends org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation> implements org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation>
Since:
3.0

  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultWebSecurityExpressionHandler()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected org.springframework.security.access.expression.SecurityExpressionOperations
    createSecurityExpressionRoot(@Nullable org.springframework.security.core.Authentication authentication, org.springframework.security.web.FilterInvocation fi)
     
    void
    setDefaultRolePrefix(@Nullable String defaultRolePrefix)
    Deprecated.
    Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
    void
    setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
    Deprecated.
    Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

    Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

    createEvaluationContext, createEvaluationContextInternal, getAuthorizationManagerFactory, getBeanResolver, getDefaultAuthorizationManagerFactory, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setAuthorizationManagerFactory, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

    createEvaluationContext, createEvaluationContext, getExpressionParser

  • Constructor Details

    • DefaultWebSecurityExpressionHandler

      public DefaultWebSecurityExpressionHandler()

  • Method Details

    • createSecurityExpressionRoot

      protected org.springframework.security.access.expression.SecurityExpressionOperations createSecurityExpressionRoot(@Nullable org.springframework.security.core.Authentication authentication, org.springframework.security.web.FilterInvocation fi)
      Specified by:
      createSecurityExpressionRoot in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation>

    • setTrustResolver

      @Deprecated(since="7.0") public void setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
      Deprecated.
      Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
      Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
      Parameters:
      trustResolver - the AuthenticationTrustResolver to use. Cannot be null.

    • setDefaultRolePrefix

      @Deprecated(since="7.0") public void setDefaultRolePrefix(@Nullable String defaultRolePrefix)
      Deprecated.
      Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

      Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

      If null or empty, then no default role prefix is used.

      Parameters:
      defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".