spring-security-config/org.springframework.security.config.annotation.web/AuthorizeHttpRequestsDsl

AuthorizeHttpRequestsDsl

class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl

A Kotlin DSL to configure HttpSecurity request authorization using idiomatic Kotlin code.

Author

Yuriy Savchenko

Since

5.7

Constructors

Link copied to clipboard
constructor(context: ApplicationContext)

Properties

Link copied to clipboard
val anyRequest: RequestMatcher

Matches any request.

Link copied to clipboard
val authenticated: AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs are allowed by any authenticated user.

Link copied to clipboard
val denyAll: AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs are not allowed by anyone.

Link copied to clipboard
val fullyAuthenticated: AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs are allowed by users who have authenticated and were not "remembered".

Link copied to clipboard
val permitAll: AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs are allowed by anyone.

Functions

Link copied to clipboard
fun authorize(pattern: String, access: AuthorizationManager<in RequestAuthorizationContext>)
fun authorize(pattern: String, servletPath: String, access: AuthorizationManager<in RequestAuthorizationContext>)
fun authorize(method: HttpMethod, pattern: String, access: AuthorizationManager<in RequestAuthorizationContext>)
fun authorize(method: HttpMethod, pattern: String, servletPath: String, access: AuthorizationManager<in RequestAuthorizationContext>)

Adds a request authorization rule for an endpoint matching the provided pattern. If Spring MVC is on the classpath, it will use an MVC matcher. If Spring MVC is not on the classpath, it will use an ant matcher. The MVC will use the same rules that Spring MVC uses for matching. For example, often times a mapping of the path "/path" will match on "/path", "/path/", "/path.html", etc. If the current request will not be processed by Spring MVC, a reasonable default using the pattern as an ant pattern will be used.

fun authorize(matches: RequestMatcher = AnyRequestMatcher.INSTANCE, access: AuthorizationManager<in RequestAuthorizationContext>)

Adds a request authorization rule.

Link copied to clipboard
fun hasAllAuthorities(vararg authorities: String): AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs require any of the provided authorities.

Link copied to clipboard
fun hasAllRoles(vararg roles: String): AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs require any of the provided roles.

Link copied to clipboard
fun hasAnyAuthority(vararg authorities: String): AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs require any of the provided authorities.

Link copied to clipboard
fun hasAnyRole(vararg roles: String): AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs require any of the provided roles.

Link copied to clipboard
fun hasAuthority(authority: String): AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs require a particular authority.

Link copied to clipboard
fun hasIpAddress(ipAddress: String): AuthorizationManager<RequestAuthorizationContext>

Require a specific IP or range of IP addresses.

Link copied to clipboard
fun hasRole(role: String): AuthorizationManager<in RequestAuthorizationContext>

Specify that URLs require a particular role.

Generated by Dokka
© 2026 Copyright