|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.config.annotation.SecurityConfigurerAdapter<O,B> org.springframework.security.config.annotation.web.AbstractRequestMatcherConfigurer<B,C,O> org.springframework.security.config.annotation.web.configurers.AbstractRequestMatcherMappingConfigurer<H,R,DefaultSecurityFilterChain> org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer<H>
H
- the type of HttpSecurityBuilder
that is being configuredpublic final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
Adds URL based authorization based upon SpEL expressions to an application. At least one
RequestMapping
needs to be mapped to ConfigAttribute
's for
this SecurityContextConfigurer
to have meaning.
SecurityConfigurer
's to customize:
org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()}
Nested Class Summary | |
---|---|
class |
ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
|
Constructor Summary | |
---|---|
ExpressionUrlAuthorizationConfigurer()
Creates a new instance |
Method Summary | |
---|---|
C |
accessDecisionManager(AccessDecisionManager accessDecisionManager)
Allows setting the AccessDecisionManager . |
protected ExpressionUrlAuthorizationConfigurer.AuthorizedUrl |
chainRequestMatchersInternal(List<RequestMatcher> requestMatchers)
Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances. |
void |
configure(H http)
Configure the SecurityBuilder by setting the necessary properties
on the SecurityBuilder . |
ExpressionUrlAuthorizationConfigurer<H> |
expressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler)
Allows customization of the SecurityExpressionHandler to be used. |
C |
filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest)
Allows setting if the FilterSecurityInterceptor should be only applied once per request (i.e. |
ExpressionUrlAuthorizationConfigurer<H> |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
Adds an ObjectPostProcessor for this class. |
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractRequestMatcherMappingConfigurer |
---|
chainRequestMatchers |
Methods inherited from class org.springframework.security.config.annotation.web.AbstractRequestMatcherConfigurer |
---|
antMatchers, antMatchers, anyRequest, regexMatchers, regexMatchers, requestMatchers |
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter |
---|
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.springframework.security.config.annotation.SecurityConfigurer |
---|
init |
Constructor Detail |
---|
public ExpressionUrlAuthorizationConfigurer()
HttpSecurity.authorizeRequests()
Method Detail |
---|
public ExpressionUrlAuthorizationConfigurer<H> expressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler)
SecurityExpressionHandler
to be used. The default is DefaultWebSecurityExpressionHandler
expressionHandler
- the SecurityExpressionHandler
to be used
ExpressionUrlAuthorizationConfigurer
for further customization.public ExpressionUrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
ObjectPostProcessor
for this class.
objectPostProcessor
-
ExpressionUrlAuthorizationConfigurer
for further customizationsprotected final ExpressionUrlAuthorizationConfigurer.AuthorizedUrl chainRequestMatchersInternal(List<RequestMatcher> requestMatchers)
AbstractRequestMatcherMappingConfigurer
RequestMatcher
instances.
chainRequestMatchersInternal
in class AbstractRequestMatcherMappingConfigurer<H extends HttpSecurityBuilder<H>,ExpressionUrlAuthorizationConfigurer.AuthorizedUrl,DefaultSecurityFilterChain>
requestMatchers
- the RequestMatcher
instances that were created
RequestMatcher
public C accessDecisionManager(AccessDecisionManager accessDecisionManager)
AccessDecisionManager
. If none is provided, a default is
created.
accessDecisionManager
- the AccessDecisionManager
to use
AbstractInterceptUrlConfigurer
for further customizationpublic C filterSecurityInterceptorOncePerRequest(boolean filterSecurityInterceptorOncePerRequest)
FilterSecurityInterceptor
should be only applied once per request (i.e. if the
filter intercepts on a forward, should it be applied again).
filterSecurityInterceptorOncePerRequest
- if the FilterSecurityInterceptor
should be only applied
once per request
AbstractInterceptUrlConfigurer
for further customizationpublic void configure(H http) throws Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties
on the SecurityBuilder
.
configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Exception
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |