Package org.springframework.security.web.access.expression

Class WebSecurityExpressionRoot

java.lang.Object
org.springframework.security.access.expression.SecurityExpressionRoot<RequestAuthorizationContext>
org.springframework.security.web.access.expression.WebSecurityExpressionRoot
All Implemented Interfaces:
org.springframework.security.access.expression.SecurityExpressionOperations
public class WebSecurityExpressionRoot extends org.springframework.security.access.expression.SecurityExpressionRoot<RequestAuthorizationContext>
Since:
3.0

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    final jakarta.servlet.http.HttpServletRequest
    request
    Allows direct access to the request object

    Fields inherited from class org.springframework.security.access.expression.SecurityExpressionRoot

    admin, create, delete, denyAll, permitAll, read, write

  • Constructor Summary

    Constructors
    Constructor
    Description
    WebSecurityExpressionRoot(@Nullable org.springframework.security.core.Authentication a, FilterInvocation fi)
    Deprecated.
    Use WebSecurityExpressionRoot(Supplier, RequestAuthorizationContext) instead
    WebSecurityExpressionRoot(Supplier<? extends @Nullable org.springframework.security.core.Authentication> authentication, jakarta.servlet.http.HttpServletRequest request)
    Deprecated.
    Use WebSecurityExpressionRoot(Supplier, RequestAuthorizationContext) instead
    WebSecurityExpressionRoot(Supplier<? extends @Nullable org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context)
    Creates an instance for the given Supplier of the Authentication and HttpServletRequest.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    hasIpAddress(String ipAddress)
    Takes a specific IP address or a range using the IP/Netmask (e.g.

    Methods inherited from class org.springframework.security.access.expression.SecurityExpressionRoot

    denyAll, getAuthentication, getPrincipal, hasAllAuthorities, hasAllRoles, hasAnyAuthority, hasAnyRole, hasAuthority, hasPermission, hasPermission, hasRole, isAnonymous, isAuthenticated, isFullyAuthenticated, isRememberMe, permitAll, setAuthorizationManagerFactory, setDefaultRolePrefix, setPermissionEvaluator, setRoleHierarchy, setTrustResolver

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • request

      public final jakarta.servlet.http.HttpServletRequest request
      Allows direct access to the request object

  • Constructor Details

  • Method Details

    • hasIpAddress

      public boolean hasIpAddress(String ipAddress)
      Takes a specific IP address or a range using the IP/Netmask (e.g. 192.168.1.0/24 or 202.24.0.0/14).
      Parameters:
      ipAddress - the address or range of addresses from which the request must come.
      Returns:
      true if the IP address of the current request is in the required range.