Class PathPatternRequestMatcher.Builder

java.lang.Object
org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher.Builder
Enclosing class:
PathPatternRequestMatcher

public static final class PathPatternRequestMatcher.Builder extends Object
A builder for specifying various elements of a request for the purpose of creating a PathPatternRequestMatcher.

For example, if Spring MVC is deployed to `/mvc` and another servlet to `/other`, then you can use this builder to do:

http .authorizeHttpRequests((authorize) -> authorize .requestMatchers(servletPath("/mvc").matcher("/user/**")).hasAuthority("user") .requestMatchers(servletPath("/other").matcher("/admin/**")).hasAuthority("admin") ) ...
  • Method Details

    • servletPath

      public PathPatternRequestMatcher.Builder servletPath(String servletPath)
      Match requests starting with this servletPath.
      Parameters:
      servletPath - the servlet path prefix
      Returns:
      the PathPatternRequestMatcher.Builder for more configuration
    • matcher

      public PathPatternRequestMatcher matcher(String path)
      Match requests having this path pattern.

      When the HTTP method is null, then the matcher does not consider the HTTP method

      Path patterns always start with a slash and may contain placeholders. They can also be followed by /** to signify all URIs under a given path.

      These must be specified relative to any servlet path prefix (meaning you should exclude the context path and any servlet path prefix in stating your pattern).

      The following are valid patterns and their meaning

      • /path - match exactly and only `/path`
      • /path/** - match `/path` and any of its descendents
      • /path/{value}/** - match `/path/subdirectory` and any of its descendents, capturing the value of the subdirectory in RequestAuthorizationContext.getVariables()

      A more comprehensive list can be found at PathPattern.

      Parameters:
      path - the path pattern to match
      Returns:
      the PathPatternRequestMatcher.Builder for more configuration
    • matcher

      public PathPatternRequestMatcher matcher(@Nullable org.springframework.http.HttpMethod method, String path)
      Match requests having this HttpMethod and path pattern.

      When the HTTP method is null, then the matcher does not consider the HTTP method

      Path patterns always start with a slash and may contain placeholders. They can also be followed by /** to signify all URIs under a given path.

      These must be specified relative to any servlet path prefix (meaning you should exclude the context path and any servlet path prefix in stating your pattern).

      The following are valid patterns and their meaning

      • /path - match exactly and only `/path`
      • /path/** - match `/path` and any of its descendents
      • /path/{value}/** - match `/path/subdirectory` and any of its descendents, capturing the value of the subdirectory in RequestAuthorizationContext.getVariables()

      A more comprehensive list can be found at PathPattern.

      Parameters:
      method - the HttpMethod to match, may be null
      path - the path pattern to match
      Returns:
      the PathPatternRequestMatcher.Builder for more configuration