org.springframework.security.intercept.web
Class DefaultFilterInvocationDefinitionSource

java.lang.Object
  org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource

All Implemented Interfaces:

ObjectDefinitionSource, FilterInvocationDefinitionSource

public class DefaultFilterInvocationDefinitionSource
extends Object
implements FilterInvocationDefinitionSource

Default implementation of FilterInvocationDefinitionSource.

Stores an ordered map of compiled URL paths to ConfigAttributeDefinitions and provides URL matching against the items stored in this map using the configured UrlMatcher.

The order of registering the regular expressions using the addSecureUrl(String, ConfigAttributeDefinition) is very important. The system will identify the first matching regular expression for a given HTTP URL. It will not proceed to evaluate later regular expressions if a match has already been found. Accordingly, the most specific regular expressions should be registered first, with the most general regular expressions registered last.

If URLs are registered for a particular HTTP method using addSecureUrl(String, String, ConfigAttributeDefinition), then the method-specific matches will take precedence over any URLs which are registered without an HTTP method.

Version:

$Id$

Author:

Ben Alex, Luke Taylor

Field Summary

protected org.apache.commons.logging.Log

logger

Constructor Summary

DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher, LinkedHashMap requestMap)
Builds the internal request map from the supplied map.

Method Summary

ConfigAttributeDefinition	getAttributes(Object object) Accesses the ConfigAttributeDefinition that applies to a given secure object.
Collection	getConfigAttributeDefinitions() If available, returns all of the ConfigAttributeDefinitions defined by the implementing class.
int	getMapSize()
protected UrlMatcher	getUrlMatcher()
boolean	isConvertUrlToLowercaseBeforeComparison()
protected ConfigAttributeDefinition	lookupAttributes(String url)
ConfigAttributeDefinition	lookupAttributes(String url, String method) Performs the actual lookup of the relevant ConfigAttributeDefinition for the specified FilterInvocation.
void	setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)
boolean	supports(Class clazz) Indicates whether the ObjectDefinitionSource implementation is able to provide ConfigAttributeDefinitions for the indicated secure object type.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.apache.commons.logging.Log logger

Constructor Detail

DefaultFilterInvocationDefinitionSource

public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher,
                                               LinkedHashMap requestMap)

Builds the internal request map from the supplied map. The key elements should be of type RequestKey, which contains a URL path and an optional HTTP method (may be null). The path stored in the key will depend on the type of the supplied UrlMatcher.

Parameters:

urlMatcher - typically an ant or regular expression matcher.

requestMap - order-preserving map of .

Method Detail

getConfigAttributeDefinitions

public Collection getConfigAttributeDefinitions()

Description copied from interface: ObjectDefinitionSource

If available, returns all of the ConfigAttributeDefinitions defined by the implementing class.

This is used by the AbstractSecurityInterceptor to perform startup time validation of each ConfigAttribute configured against it.

Specified by:

getConfigAttributeDefinitions in interface ObjectDefinitionSource

Returns:

the ConfigAttributeDefinitions or null if unsupported

getAttributes

public ConfigAttributeDefinition getAttributes(Object object)
                                        throws IllegalArgumentException

Description copied from interface: ObjectDefinitionSource

Accesses the ConfigAttributeDefinition that applies to a given secure object.

Returns null if no ConfigAttribiteDefinition applies.

Specified by:

getAttributes in interface ObjectDefinitionSource

Parameters:

object - the object being secured

Returns:

the ConfigAttributeDefinition that applies to the passed object

Throws:

IllegalArgumentException - if the passed object is not of a type supported by the ObjectDefinitionSource implementation

lookupAttributes

protected ConfigAttributeDefinition lookupAttributes(String url)

lookupAttributes

public ConfigAttributeDefinition lookupAttributes(String url,
                                                  String method)

Performs the actual lookup of the relevant ConfigAttributeDefinition for the specified FilterInvocation.

By default, iterates through the stored URL map and calls the UrlMatcher.pathMatchesUrl(Object path, String url) method until a match is found.

Subclasses can override if required to perform any modifications to the URL.

Parameters:

url - the URI to retrieve configuration attributes for

method - the HTTP method (GET, POST, DELETE...).

Returns:

the ConfigAttributeDefinition that applies to the specified FilterInvocation or null if no match is foud

supports

public boolean supports(Class clazz)

Description copied from interface: ObjectDefinitionSource

Indicates whether the ObjectDefinitionSource implementation is able to provide ConfigAttributeDefinitions for the indicated secure object type.

Specified by:

supports in interface ObjectDefinitionSource

Parameters:

clazz - the class that is being queried

Returns:

true if the implementation can process the indicated class

getMapSize

public int getMapSize()

getUrlMatcher

protected UrlMatcher getUrlMatcher()

isConvertUrlToLowercaseBeforeComparison

public boolean isConvertUrlToLowercaseBeforeComparison()

setStripQueryStringFromUrls

public void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)