Examples with AuthorizationManager org.springframework.security.authorization.AuthorizationManager used on opensource projects

Example 1 with AuthorizationManager

use of org.springframework.security.authorization.AuthorizationManager in project spring-security by spring-projects.

the class RequestMatcherDelegatingAuthorizationManager method check.

/**
 * Delegates to a specific {@link AuthorizationManager} based on a
 * {@link RequestMatcher} evaluation.
 * @param authentication the {@link Supplier} of the {@link Authentication} to check
 * @param request the {@link HttpServletRequest} to check
 * @return an {@link AuthorizationDecision}. If there is no {@link RequestMatcher}
 * matching the request, or the {@link AuthorizationManager} could not decide, then
 * null is returned
 */
@Override
public AuthorizationDecision check(Supplier<Authentication> authentication, HttpServletRequest request) {
    if (this.logger.isTraceEnabled()) {
        this.logger.trace(LogMessage.format("Authorizing %s", request));
    }
    for (Map.Entry<RequestMatcher, AuthorizationManager<RequestAuthorizationContext>> mapping : this.mappings.entrySet()) {
        RequestMatcher matcher = mapping.getKey();
        MatchResult matchResult = matcher.matcher(request);
        if (matchResult.isMatch()) {
            AuthorizationManager<RequestAuthorizationContext> manager = mapping.getValue();
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Checking authorization on %s using %s", request, manager));
            }
            return manager.check(authentication, new RequestAuthorizationContext(request, matchResult.getVariables()));
        }
    }
    this.logger.trace("Abstaining since did not find matching RequestMatcher");
    return null;
}