Package org.springframework.security.web.access.expression

Class DefaultHttpSecurityExpressionHandler

java.lang.Object
org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>
org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
public class DefaultHttpSecurityExpressionHandler extends org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext> implements org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>
A SecurityExpressionHandler that uses a RequestAuthorizationContext to create a WebSecurityExpressionRoot.
Since:
5.8

  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultHttpSecurityExpressionHandler()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.expression.EvaluationContext
    createEvaluationContext(Supplier<? extends @Nullable org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context)
     
    protected org.springframework.security.access.expression.SecurityExpressionOperations
    createSecurityExpressionRoot(@Nullable org.springframework.security.core.Authentication authentication, RequestAuthorizationContext context)
     
    void
    setDefaultRolePrefix(String defaultRolePrefix)
    Deprecated.
    Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
    void
    setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
    Deprecated.
    Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead

    Methods inherited from class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

    createEvaluationContext, createEvaluationContextInternal, getAuthorizationManagerFactory, getBeanResolver, getDefaultAuthorizationManagerFactory, getExpressionParser, getPermissionEvaluator, getRoleHierarchy, setApplicationContext, setAuthorizationManagerFactory, setExpressionParser, setPermissionEvaluator, setRoleHierarchy

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.springframework.security.access.expression.SecurityExpressionHandler

    createEvaluationContext, getExpressionParser

  • Constructor Details

    • DefaultHttpSecurityExpressionHandler

      public DefaultHttpSecurityExpressionHandler()

  • Method Details

    • createEvaluationContext

      public org.springframework.expression.EvaluationContext createEvaluationContext(Supplier<? extends @Nullable org.springframework.security.core.Authentication> authentication, RequestAuthorizationContext context)
      Specified by:
      createEvaluationContext in interface org.springframework.security.access.expression.SecurityExpressionHandler<RequestAuthorizationContext>

    • createSecurityExpressionRoot

      protected org.springframework.security.access.expression.SecurityExpressionOperations createSecurityExpressionRoot(@Nullable org.springframework.security.core.Authentication authentication, RequestAuthorizationContext context)
      Specified by:
      createSecurityExpressionRoot in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler<RequestAuthorizationContext>

    • setTrustResolver

      @Deprecated(since="7.0") public void setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
      Deprecated.
      Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
      Sets the AuthenticationTrustResolver to be used. The default is AuthenticationTrustResolverImpl.
      Parameters:
      trustResolver - the AuthenticationTrustResolver to use

    • setDefaultRolePrefix

      @Deprecated(since="7.0") public void setDefaultRolePrefix(String defaultRolePrefix)
      Deprecated.
      Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
      Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
      Parameters:
      defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".