Luke Taylor (Migrated from SEC-1149) said:
The API for WebInvocationPrivilegeEvaluator requires a FilterInvocation, which in turn requires use of the FilterInvocationUtils class. It would be better if FilterInvocation regarded as an internal concept and the API took the requestURI and HTTP method directly. FilterInvocationUtils could then be dropped as unnecessary.
Luke Taylor said:
WebInvocationPrivilegeEvaluator now contains isAllowed() methods which take the uri (and optionally context path and http method directly). FilterInvocationUtils has been deleted.