Java tutorial
package org.springframework.security.oauth2.provider.expression; import org.aopalliance.intercept.MethodInvocation; import org.springframework.expression.ExpressionParser; import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.core.Authentication; /** * <p> * A security expression handler that can handle default method security expressions plus the set provided by * {@link OAuth2SecurityExpressionMethods} using the variable oauth2 to access the methods. For example, the expression * <code>#oauth2.clientHasRole('ROLE_ADMIN')</code> would invoke {@link OAuth2SecurityExpressionMethods#clientHasRole} * </p> * <p> * By default the {@link OAuth2ExpressionParser} is used. If this is undesirable one can inject their own * {@link ExpressionParser} using {@link #setExpressionParser(ExpressionParser)}. * </p> * * @author Dave Syer * @author Rob Winch * @see OAuth2ExpressionParser */ public class OAuth2MethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler { public OAuth2MethodSecurityExpressionHandler() { setExpressionParser(new OAuth2ExpressionParser(getExpressionParser())); } @Override public StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, MethodInvocation mi) { StandardEvaluationContext ec = super.createEvaluationContextInternal(authentication, mi); ec.setVariable("oauth2", new OAuth2SecurityExpressionMethods(authentication)); return ec; } }