List of usage examples for org.springframework.security.web FilterInvocation toString
@Override
public String toString()
From source file:org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator.java
/**
 * Determines whether the user represented by the supplied <tt>Authentication</tt>
 * object is allowed to invoke the supplied URI with the given HTTP method.
 * <p>
 * Note the default implementation of <tt>FilterInvocationSecurityMetadataSource</tt>
 * disregards the <code>contextPath</code> when evaluating which secure object
 * metadata applies to a given request URI, so generally the <code>contextPath</code>
 * is unimportant unless you are using a custom
 * <code>FilterInvocationSecurityMetadataSource</code>.
 * <p>
 * The decision is taken against a <code>FilterInvocation</code> constructed from the
 * three string arguments, not from a request object passed in by the caller.
 * NOTE(review): presumably this makes the result advisory (e.g. deciding whether to
 * render a link); confirm the real request is still checked by the security
 * interceptor before relying on it.
 * <p>
 * Outcomes, in the order they are evaluated:
 * <ul>
 * <li>no attributes configured for the URI: allowed, unless the interceptor's
 * <code>rejectPublicInvocations</code> flag is set (an unmapped URI is treated as
 * public by default);</li>
 * <li>attributes configured but <code>authentication</code> is null: denied;</li>
 * <li>otherwise the interceptor's <code>AccessDecisionManager</code> decides; an
 * <code>AccessDeniedException</code> means denied. Any other exception thrown by
 * <code>decide</code> is not caught here and propagates to the caller.</li>
 * </ul>
 *
 * @param contextPath the context path (may be null, in which case a default value
 * will be used).
 * @param uri the URI excluding the context path; must not be null
 * @param method the HTTP method (or null, for any method)
 * @param authentication the <tt>Authentication</tt> instance whose authorities should
 * be used in evaluation whether access should be granted.
 * @return true if access is allowed, false if denied
 */
public boolean isAllowed(String contextPath, String uri, String method, Authentication authentication) {
    Assert.notNull(uri, "uri parameter is required");

    final FilterInvocation invocation = new FilterInvocation(contextPath, uri, method);
    final Collection<ConfigAttribute> configAttributes = securityInterceptor
            .obtainSecurityMetadataSource().getAttributes(invocation);

    // No metadata for this URI: the answer is governed solely by the
    // rejectPublicInvocations flag, so unmapped URIs are allowed unless it is set.
    if (configAttributes == null) {
        return !securityInterceptor.isRejectPublicInvocations();
    }

    // A secured URI can never be granted to an absent Authentication.
    if (authentication == null) {
        return false;
    }

    boolean granted;
    try {
        securityInterceptor.getAccessDecisionManager().decide(authentication, invocation, configAttributes);
        granted = true;
    } catch (AccessDeniedException denied) {
        if (logger.isDebugEnabled()) {
            // The message embeds authentication.toString().
            // NOTE(review): depending on the Authentication implementation this may
            // carry principal and request details; confirm debug logs are
            // access-controlled before enabling this level in production.
            logger.debug(invocation.toString() + " denied for " + authentication.toString(), denied);
        }
        granted = false;
    }
    return granted;
}