ExpressionUrlAuthorizationConfigurer (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers
Class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  org.springframework.security.config.annotation.SecurityConfigurerAdapter<O,B>
      org.springframework.security.config.annotation.web.AbstractRequestMatcherConfigurer<B,C,O>
          org.springframework.security.config.annotation.web.configurers.AbstractRequestMatcherMappingConfigurer<H,R,DefaultSecurityFilterChain>
              org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer<H>


Type Parameters:: H - the type of HttpSecurityBuilder that is being configured

All Implemented Interfaces:: SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractRequestMatcherMappingConfigurer<H,R,DefaultSecurityFilterChain>
extends AbstractRequestMatcherMappingConfigurer<H,R,DefaultSecurityFilterChain>

Adds URL based authorization based upon SpEL expressions to an application. At least one RequestMapping needs to be mapped to ConfigAttribute's for this SecurityContextConfigurer to have meaning.

Security Filters

The following Filters are populated

FilterSecurityInterceptor

Shared Objects Created

The following shared objects are populated to allow other SecurityConfigurer's to customize:

FilterSecurityInterceptor

Shared Objects Used

No shared objects are used.

Since:: 3.2
See Also:: org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()}

Nested Class Summary
`class`	`ExpressionUrlAuthorizationConfigurer.AuthorizedUrl`

Constructor Summary
`ExpressionUrlAuthorizationConfigurer()` Creates a new instance

Method Summary
`C`	`accessDecisionManager(AccessDecisionManager accessDecisionManager)` Allows setting the `AccessDecisionManager`.
`protected ExpressionUrlAuthorizationConfigurer.AuthorizedUrl`	`chainRequestMatchersInternal(List<RequestMatcher> requestMatchers)` Subclasses should implement this method for returning the object that is chained to the creation of the `RequestMatcher` instances.
`void`	`configure(H http)` Configure the `SecurityBuilder` by setting the necessary properties on the `SecurityBuilder`.
`ExpressionUrlAuthorizationConfigurer<H>`	`expressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler)` Allows customization of the `SecurityExpressionHandler` to be used.
`C`	`filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest)` Allows setting if the `FilterSecurityInterceptor` should be only applied once per request (i.e.
`ExpressionUrlAuthorizationConfigurer<H>`	`withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)` Adds an `ObjectPostProcessor` for this class.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractRequestMatcherMappingConfigurer
`chainRequestMatchers`

Methods inherited from class org.springframework.security.config.annotation.web.AbstractRequestMatcherConfigurer
`antMatchers, antMatchers, anyRequest, regexMatchers, regexMatchers, requestMatchers`

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
`addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface org.springframework.security.config.annotation.SecurityConfigurer
`init`

Constructor Detail

ExpressionUrlAuthorizationConfigurer

public ExpressionUrlAuthorizationConfigurer()

Creates a new instance

See Also:: HttpSecurity.authorizeRequests()

Method Detail

expressionHandler

public ExpressionUrlAuthorizationConfigurer<H> expressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler)

Allows customization of the SecurityExpressionHandler to be used. The default is DefaultWebSecurityExpressionHandler

Parameters:: expressionHandler - the SecurityExpressionHandler to be used
Returns:: the ExpressionUrlAuthorizationConfigurer for further customization.

withObjectPostProcessor

public ExpressionUrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)

Adds an ObjectPostProcessor for this class.

Parameters:: objectPostProcessor -
Returns:: the ExpressionUrlAuthorizationConfigurer for further customizations

chainRequestMatchersInternal

protected final ExpressionUrlAuthorizationConfigurer.AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers)

Description copied from class: AbstractRequestMatcherMappingConfigurer

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

Specified by:: chainRequestMatchersInternal in class AbstractRequestMatcherMappingConfigurer<H extends HttpSecurityBuilder<H>,ExpressionUrlAuthorizationConfigurer.AuthorizedUrl,DefaultSecurityFilterChain>

Parameters:: requestMatchers - the RequestMatcher instances that were created
Returns:: the chained Object for the subclass which allows association of something else to the RequestMatcher

accessDecisionManager

public C accessDecisionManager(AccessDecisionManager accessDecisionManager)

Allows setting the AccessDecisionManager. If none is provided, a default is created.

Parameters:: accessDecisionManager - the AccessDecisionManager to use
Returns:: the AbstractInterceptUrlConfigurer for further customization

filterSecurityInterceptorOncePerRequest

public C filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest)

Allows setting if the FilterSecurityInterceptor should be only applied once per request (i.e. if the filter intercepts on a forward, should it be applied again).

Parameters:: filterSecurityInterceptorOncePerRequest - if the FilterSecurityInterceptor should be only applied once per request
Returns:: the AbstractInterceptUrlConfigurer for further customization

configure

public void configure(H http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:: configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:: configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:: Exception