Class HandlerMappingIntrospector

java.lang.Object
org.springframework.web.servlet.handler.HandlerMappingIntrospector
All Implemented Interfaces:
Aware, InitializingBean, ApplicationContextAware, CorsConfigurationSource, PreFlightRequestHandler
@Deprecated(since="7.0", forRemoval=true) public class HandlerMappingIntrospector extends Object implements CorsConfigurationSource, PreFlightRequestHandler, ApplicationContextAware, InitializingBean
Deprecated, for removal: This API element is subject to removal in a future version.
in favor of using just PathPatternParser; when allHandlerMappingsUsePathPatternParser() returns true, it is sufficient to use that to align with handler mappings.
Helper class to get information from the HandlerMapping that would serve a specific request.

Provides the following methods:

Note that this is primarily an SPI to allow Spring Security to align its pattern matching with the same pattern matching that would be used in Spring MVC for a given request, in order to avoid security issues.

Use of this component incurs the performance overhead of mapping the request, and should not be repeated multiple times per request. createCacheFilter() exposes a Filter to cache the results. Applications that rely on Spring Security don't need to deploy this Filter since Spring Security doe that. However, other custom security layers, used in place of Spring Security that use this component should deploy the cache Filter with requirements described in the Javadoc for the method.

Since:
4.3.1
Author:
Rossen Stoyanchev

  • Constructor Details

    • HandlerMappingIntrospector

      public HandlerMappingIntrospector()
      Deprecated, for removal: This API element is subject to removal in a future version.

  • Method Details

    • setPatternCacheLimit

      public void setPatternCacheLimit(int patternCacheLimit)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Set a limit on the maximum number of security patterns passed into MatchableHandlerMapping.match(HttpServletRequest, String) at runtime to cache.

      By default, this is set to 2048.

      Parameters:
      patternCacheLimit - the limit to use
      Since:
      6.2.8

    • getPatternCacheLimit

      public int getPatternCacheLimit()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Return the configured limit on security patterns to cache.
      Since:
      6.2.8

    • setApplicationContext

      public void setApplicationContext(ApplicationContext applicationContext)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: ApplicationContextAware
      Set the ApplicationContext that this object runs in. Normally this call will be used to initialize the object.

      Invoked after population of normal bean properties but before an init callback such as InitializingBean.afterPropertiesSet() or a custom init-method. Invoked after ResourceLoaderAware.setResourceLoader(ResourceLoader), ApplicationEventPublisherAware.setApplicationEventPublisher(ApplicationEventPublisher) and MessageSourceAware, if applicable.

      Specified by:
      setApplicationContext in interface ApplicationContextAware
      Parameters:
      applicationContext - the ApplicationContext object to be used by this object
      See Also:

    • afterPropertiesSet

      public void afterPropertiesSet()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: InitializingBean
      Invoked by the containing BeanFactory after it has set all bean properties and satisfied BeanFactoryAware, ApplicationContextAware etc.

      This method allows the bean instance to perform validation of its overall configuration and final initialization when all bean properties have been set.

      Specified by:
      afterPropertiesSet in interface InitializingBean

    • getHandlerMappings

      public List<HandlerMapping> getHandlerMappings()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Return the configured or detected HandlerMappings.

    • allHandlerMappingsUsePathPatternParser

      public boolean allHandlerMappingsUsePathPatternParser()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Return true if all HandlerMapping beans use parsed PathPatterns, and false if any don't.
      Since:
      6.2

    • handlePreFlight

      public void handlePreFlight(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws Exception
      Deprecated, for removal: This API element is subject to removal in a future version.
      Find the matching HandlerMapping for the request, and invoke the handler it returns as a PreFlightRequestHandler.
      Specified by:
      handlePreFlight in interface PreFlightRequestHandler
      Parameters:
      request - current HTTP request
      response - current HTTP response
      Throws:
      NoHandlerFoundException - if no handler matches the request
      Exception
      Since:
      6.2

    • createCacheFilter

      public jakarta.servlet.Filter createCacheFilter()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Filter that looks up the MatchableHandlerMapping and CorsConfiguration for the request proactively before delegating to the rest of the chain, caching the result in a request attribute, and restoring it after the chain returns.

      Note: Applications that rely on Spring Security do not use this component directly and should not deploy the filter instead allowing Spring Security to do it. Other custom security layers used in place of Spring Security that also rely on HandlerMappingIntrospector should deploy this filter ahead of other filters where lookups are performed, and should also make sure the filter is configured to handle all dispatcher types.

      Returns:
      the Filter instance to use
      Since:
      6.0.14

    • setCache

      public @Nullable HandlerMappingIntrospector.CachedResult setCache(jakarta.servlet.http.HttpServletRequest request)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Perform a lookup and save the HandlerMappingIntrospector.CachedResult as a request attribute. This method can be invoked from a filter before subsequent calls to getMatchableHandlerMapping(HttpServletRequest) and getCorsConfiguration(HttpServletRequest) to avoid repeated lookups.
      Parameters:
      request - the current request
      Returns:
      the previous HandlerMappingIntrospector.CachedResult, if there is one from a parent dispatch
      Since:
      6.0.14

    • resetCache

      public void resetCache(jakarta.servlet.ServletRequest request, @Nullable HandlerMappingIntrospector.CachedResult cachedResult)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Restore a previous HandlerMappingIntrospector.CachedResult. This method can be invoked from a filter after delegating to the rest of the chain.
      Since:
      6.0.14

    • getMatchableHandlerMapping

      public @Nullable MatchableHandlerMapping getMatchableHandlerMapping(jakarta.servlet.http.HttpServletRequest request) throws Exception
      Deprecated, for removal: This API element is subject to removal in a future version.
      Find the HandlerMapping that would handle the given request and return a MatchableHandlerMapping to use for path matching.
      Parameters:
      request - the current request
      Returns:
      the resolved MatchableHandlerMapping, or null
      Throws:
      IllegalStateException - if the matching HandlerMapping is not an instance of MatchableHandlerMapping
      Exception - if any of the HandlerMapping's raise an exception

    • getCorsConfiguration

      public @Nullable CorsConfiguration getCorsConfiguration(jakarta.servlet.http.HttpServletRequest request)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: CorsConfigurationSource
      Return a CorsConfiguration based on the incoming request.
      Specified by:
      getCorsConfiguration in interface CorsConfigurationSource
      Returns:
      the associated CorsConfiguration, or null if none