Package org.springframework.security.web.servlet.util.matcher

Class PathPatternRequestMatcher.Builder

java.lang.Object
org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.Builder
Enclosing class:
PathPatternRequestMatcher
public static final class PathPatternRequestMatcher.Builder extends Object
A builder for specifying various elements of a request for the purpose of creating a PathPatternRequestMatcher.

To match a request URI like /app/servlet/my/resource/** where /app is the context path, you can do PathPatternRequestMatcher.withDefaults().matcher("/servlet/my/resource/**")

If you have many paths that have a common path prefix, you can use basePath to reduce repetition like so: 

     PathPatternRequestMatcher.Builder mvc = withDefaults().basePath("/mvc");
     http
         .authorizeHttpRequests((authorize) -> authorize
              .requestMatchers(mvc.matcher("/user/**")).hasAuthority("user")
              .requestMatchers(mvc.matcher("/admin/**")).hasAuthority("admin")
         )
             ...

  • Method Details

    • basePath

      public PathPatternRequestMatcher.Builder basePath(String basePath)
      Match requests starting with this basePath.

      Prefixes should be of the form /my/prefix, starting with a slash, not ending in a slash, and not containing and wildcards

      Parameters:
      basePath - the path prefix
      Returns:
      the PathPatternRequestMatcher.Builder for more configuration

    • matcher

      public PathPatternRequestMatcher matcher(String path)
      Match requests having this path pattern.

      When the HTTP method is null, then the matcher does not consider the HTTP method

      Path patterns always start with a slash and may contain placeholders. They can also be followed by /** to signify all URIs under a given path.

      These must be specified relative to any servlet path prefix (meaning you should exclude the context path and any servlet path prefix in stating your pattern).

      The following are valid patterns and their meaning

      • /path - match exactly and only `/path`
      • /path/** - match `/path` and any of its descendents
      • /path/{value}/** - match `/path/subdirectory` and any of its descendents, capturing the value of the subdirectory in RequestAuthorizationContext.getVariables()

      A more comprehensive list can be found at PathPattern.

      Parameters:
      path - the path pattern to match
      Returns:
      the PathPatternRequestMatcher.Builder for more configuration

    • matcher

      public PathPatternRequestMatcher matcher(@Nullable org.springframework.http.HttpMethod method, String path)
      Match requests having this HttpMethod and path pattern.

      When the HTTP method is null, then the matcher does not consider the HTTP method

      Path patterns always start with a slash and may contain placeholders. They can also be followed by /** to signify all URIs under a given path.

      These must be specified relative to any servlet path prefix (meaning you should exclude the context path and any servlet path prefix in stating your pattern).

      The following are valid patterns and their meaning

      • /path - match exactly and only `/path`
      • /path/** - match `/path` and any of its descendents
      • /path/{value}/** - match `/path/subdirectory` and any of its descendents, capturing the value of the subdirectory in RequestAuthorizationContext.getVariables()

      A more comprehensive list can be found at PathPattern.

      Parameters:
      method - the HttpMethod to match, may be null
      path - the path pattern to match
      Returns:
      the PathPatternRequestMatcher.Builder for more configuration