org.springframework.security.web.access.intercept
Class DefaultFilterInvocationSecurityMetadataSource

java.lang.Object
  extended by org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
All Implemented Interfaces:
AopInfrastructureBean, SecurityMetadataSource, FilterInvocationSecurityMetadataSource
Direct Known Subclasses:
ExpressionBasedFilterInvocationSecurityMetadataSource

public class DefaultFilterInvocationSecurityMetadataSource
extends Object
implements FilterInvocationSecurityMetadataSource

Default implementation of FilterInvocationDefinitionSource.

Stores an ordered map of compiled URL paths to ConfigAttribute lists and provides URL matching against the items stored in this map using the configured UrlMatcher.

The order of registering the regular expressions using the #addSecureUrl(String, List) is very important. The system will identify the first matching regular expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already been found. Accordingly, the most specific regular expressions should be registered first, with the most general regular expressions registered last.

If URLs are registered for a particular HTTP method using #addSecureUrl(String, String, List), then the method-specific matches will take precedence over any URLs which are registered without an HTTP method.

Version:
$Id: DefaultFilterInvocationSecurityMetadataSource.java 3933 2009-10-07 21:08:41Z ltaylor $
Author:
Ben Alex, Luke Taylor

Field Summary
protected  org.apache.commons.logging.Log logger
           
 
Constructor Summary
DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher, LinkedHashMap<RequestKey,Collection<ConfigAttribute>> requestMap)
          Builds the internal request map from the supplied map.
 
Method Summary
 Collection<ConfigAttribute> getAllConfigAttributes()
          If available, returns all of the ConfigAttributes defined by the implementing class.
 Collection<ConfigAttribute> getAttributes(Object object)
          Accesses the ConfigAttributes that apply to a given secure object.
protected  UrlMatcher getUrlMatcher()
           
 boolean isConvertUrlToLowercaseBeforeComparison()
           
 Collection<ConfigAttribute> lookupAttributes(String url, String method)
          Performs the actual lookup of the relevant ConfigAttributes for the given FilterInvocation.
 void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)
           
 boolean supports(Class<?> clazz)
          Indicates whether the SecurityMetadataSource implementation is able to provide ConfigAttributes for the indicated secure object type.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected final org.apache.commons.logging.Log logger
Constructor Detail

DefaultFilterInvocationSecurityMetadataSource

public DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
                                                     LinkedHashMap<RequestKey,Collection<ConfigAttribute>> requestMap)
Builds the internal request map from the supplied map. The key elements should be of type RequestKey, which contains a URL path and an optional HTTP method (may be null). The path stored in the key will depend on the type of the supplied UrlMatcher.

Parameters:
urlMatcher - typically an ant or regular expression matcher.
requestMap - order-preserving map of request definitions to attribute lists
Method Detail

getAllConfigAttributes

public Collection<ConfigAttribute> getAllConfigAttributes()
Description copied from interface: SecurityMetadataSource
If available, returns all of the ConfigAttributes defined by the implementing class.

This is used by the AbstractSecurityInterceptor to perform startup time validation of each ConfigAttribute configured against it.

Specified by:
getAllConfigAttributes in interface SecurityMetadataSource
Returns:
the ConfigAttributes or null if unsupported

getAttributes

public Collection<ConfigAttribute> getAttributes(Object object)
Description copied from interface: SecurityMetadataSource
Accesses the ConfigAttributes that apply to a given secure object.

Returns null if no attributes apply.

Specified by:
getAttributes in interface SecurityMetadataSource
Parameters:
object - the object being secured
Returns:
the attributes that apply to the passed in secured object or null if there are no applicable attributes.

lookupAttributes

public final Collection<ConfigAttribute> lookupAttributes(String url,
                                                          String method)
Performs the actual lookup of the relevant ConfigAttributes for the given FilterInvocation.

By default, iterates through the stored URL map and calls the UrlMatcher.pathMatchesUrl(Object path, String url) method until a match is found.

Parameters:
url - the URI to retrieve configuration attributes for
method - the HTTP method (GET, POST, DELETE...), or null for any method.
Returns:
the ConfigAttributes that apply to the specified FilterInvocation or null if no match is found

supports

public boolean supports(Class<?> clazz)
Description copied from interface: SecurityMetadataSource
Indicates whether the SecurityMetadataSource implementation is able to provide ConfigAttributes for the indicated secure object type.

Specified by:
supports in interface SecurityMetadataSource
Parameters:
clazz - the class that is being queried
Returns:
true if the implementation can process the indicated class

getUrlMatcher

protected UrlMatcher getUrlMatcher()

isConvertUrlToLowercaseBeforeComparison

public boolean isConvertUrlToLowercaseBeforeComparison()

setStripQueryStringFromUrls

public void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.