org.springframework.security.oauth2.provider.expression
Class OAuth2WebSecurityExpressionHandler
java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation>
org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler
- All Implemented Interfaces:
- org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation>, org.springframework.security.web.access.expression.WebSecurityExpressionHandler
public class OAuth2WebSecurityExpressionHandler
- extends org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
A security expression handler that can handle default web security expressions plus the set provided by
OAuth2SecurityExpressionMethods using the variable oauth2 to access the methods. For example, the expression
#oauth2.clientHasRole('ROLE_ADMIN') would invoke OAuth2SecurityExpressionMethods.clientHasRole(java.lang.String).
- Author:
- Dave Syer, Rob Winch
Method Summary
| protected org.springframework.expression.spel.support.StandardEvaluationContext | createEvaluationContextInternal(org.springframework.security.core.Authentication authentication, org.springframework.security.web.FilterInvocation invocation) |
| void | setThrowExceptionOnInvalidScope(boolean throwException): Flag to determine the behaviour on access denied if the reason is . |
Methods inherited from class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler:
createSecurityExpressionRoot
Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler:
getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setExpressionParser, setPermissionEvaluator, setRoleHierarchy
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler:
getExpressionParser
OAuth2WebSecurityExpressionHandler
public OAuth2WebSecurityExpressionHandler()
setThrowExceptionOnInvalidScope
public void setThrowExceptionOnInvalidScope(boolean throwException)
- Flag to determine the behaviour on access denied if the reason is . If set then we throw an
InvalidScopeException instead of returning true. This is unconventional for an access decision because it
vetoes the other voters in the chain, but it enables us to pass a message to the caller with information about the
required scope.
- Parameters:
throwException - the flag to set (default true)
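The following is an added example, not part of the original Javadoc or the project's own code: it wires the handler into URL authorization rules so that the #oauth2 variable from the class description resolves, and sets the flag described above explicitly. It assumes Spring Security's Java configuration (WebSecurityConfigurerAdapter, HttpSecurity) is available and that an OAuth2 token-processing filter configured elsewhere populates the security context; the class name ApiSecurityConfig and the URL patterns are hypothetical, and hasScope is a method of OAuth2SecurityExpressionMethods that is not listed on this page.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;

// Hypothetical configuration class (added example, not project code).
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public OAuth2WebSecurityExpressionHandler oauth2ExpressionHandler() {
        OAuth2WebSecurityExpressionHandler handler = new OAuth2WebSecurityExpressionHandler();
        // Documented default is true; set explicitly so the behaviour is visible in review.
        // When set, a scope failure raises an exception that tells the caller which scope
        // is required, and that exception vetoes any other voters in the chain.
        // Pass false if other voters must still get a say in the decision.
        handler.setThrowExceptionOnInvalidScope(true);
        return handler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Without this handler the default one is used and #oauth2 is undefined
            // in the expressions below.
            .expressionHandler(oauth2ExpressionHandler())
            // Expression from the class description: checks the OAuth2 client's role.
            .antMatchers("/admin/**").access("#oauth2.clientHasRole('ROLE_ADMIN')")
            // Scope check (hypothetical path and scope name).
            .antMatchers("/photos/**").access("#oauth2.hasScope('read')")
            // Fail closed: anything not matched above is rejected.
            .anyRequest().denyAll();
    }
}
```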
createEvaluationContextInternal
protected org.springframework.expression.spel.support.StandardEvaluationContext createEvaluationContextInternal(org.springframework.security.core.Authentication authentication,
org.springframework.security.web.FilterInvocation invocation)
- Overrides:
createEvaluationContextInternal in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler<org.springframework.security.web.FilterInvocation>
Copyright © 2013. All rights reserved.