root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Clarify WebInvocationPrivilegeEvaluator JavaDoc
CI / Build (17, ubuntu-latest) (push) Waiting to run Details
CI / Build (17, windows-latest) (push) Waiting to run Details
CI / Test Against Snapshots (17, 17) (push) Waiting to run Details
CI / Test Against Snapshots (21-ea, 21) (push) Waiting to run Details
CI / Check Samples (push) Waiting to run Details
CI / Deploy Artifacts (push) Blocked by required conditions Details
CI / Deploy Docs (push) Blocked by required conditions Details
CI / Deploy Schema (push) Blocked by required conditions Details
CI / Perform Release (push) Blocked by required conditions Details
CI / Send Notification (push) Blocked by required conditions Details
Deploy Docs / build (push) Waiting to run Details
Trigger Dependabot Auto Merge Forward / Trigger Workflow (push) Waiting to run Details 

Closes gh-16529

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
This commit is contained in:
Tran Ngoc Nhan 2025-02-07 07:29:49 +07:00 committed by Steve Riesenberg
parent a53ca7c3d0
commit ab6e9d2d1f
No known key found for this signature in database
GPG Key ID: 3D0169B18AB8F0A9
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
web/src/main/java/org/springframework/security/web/access/WebInvocationPrivilegeEvaluator.java
View File

@ -29,6 +29,9 @@ public interface WebInvocationPrivilegeEvaluator {
/**
* Determines whether the user represented by the supplied <tt>Authentication</tt>
* object is allowed to invoke the supplied URI.
* <p>
* Note this will only match authorization rules that don't require a certain
* {@code HttpMethod}.
* @param uri the URI excluding the context path (a default context path setting will
* be used)
*/
@ -36,13 +39,18 @@ public interface WebInvocationPrivilegeEvaluator {
/**
* Determines whether the user represented by the supplied <tt>Authentication</tt>
* object is allowed to invoke the supplied URI, with the given .
* object is allowed to invoke the supplied URI, with the given parameters.
* <p>
* Note the default implementation of <tt>FilterInvocationSecurityMetadataSource</tt>
* Note:
* <ul>
* <li>The default implementation of <tt>FilterInvocationSecurityMetadataSource</tt>
* disregards the <code>contextPath</code> when evaluating which secure object
* metadata applies to a given request URI, so generally the <code>contextPath</code>
* is unimportant unless you are using a custom
* <code>FilterInvocationSecurityMetadataSource</code>.
* <code>FilterInvocationSecurityMetadataSource</code>.</li>
* <li>this will only match authorization rules that don't require a certain
* {@code HttpMethod}.</li>
* </ul>
* @param uri the URI excluding the context path
* @param contextPath the context path (may be null).
* @param method the HTTP method (or null, for any method)