Expand description
Security Expression Language (SpEL-like) for authorization.
§Spring Security Equivalent
org.springframework.security.access.expression
§Overview
This module provides a Spring Security-like expression language for defining complex authorization rules.
§Supported Expressions
§Built-in Functions
hasRole('ROLE')- Check if user has the specified rolehasAnyRole('ROLE1', 'ROLE2')- Check if user has any of the roleshasAuthority('AUTH')- Check if user has the specified authorityhasAnyAuthority('AUTH1', 'AUTH2')- Check if user has any authorityisAuthenticated()- Check if user is authenticatedpermitAll()- Always returns truedenyAll()- Always returns false
§Operators
AND/and/&&- Logical ANDOR/or/||- Logical ORNOT/not/!- Logical NOT()- Grouping
§Examples
ⓘ
use actix_security_core::http::security::expression::SecurityExpression;
let expr = SecurityExpression::parse("hasRole('ADMIN') OR hasAuthority('users:write')")?;
let result = expr.evaluate(&user);§Extensibility
Custom expressions can be added by implementing the ExpressionRoot trait:
ⓘ
use actix_security_core::http::security::expression::{ExpressionRoot, DefaultExpressionRoot};
use actix_security_core::http::security::User;
struct CustomExpressionRoot {
default: DefaultExpressionRoot,
}
impl ExpressionRoot for CustomExpressionRoot {
fn evaluate_function(&self, name: &str, args: &[String], user: Option<&User>) -> Option<bool> {
match name {
"isAdmin" => Some(user.map_or(false, |u| u.has_role("ADMIN"))),
"hasIpAddress" => {
// Custom IP check logic
Some(true)
}
_ => self.default.evaluate_function(name, args, user),
}
}
}Structs§
- Default
Expression Root - Default implementation of security expression functions.
- Expression
Evaluator - Evaluates security expressions against a user.
- Security
Expression - A parsed security expression.
Enums§
- Binary
Op - Binary operators for combining expressions.
- Expression
- A security expression AST node.
- Parse
Error - Error type for expression parsing.
- UnaryOp
- Unary operators for modifying expressions.
Traits§
- Expression
Root - Trait for evaluating security expression functions.