Class ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
- Direct Known Subclasses:
ExpressionUrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl
- Enclosing class:
- ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
public class ExpressionUrlAuthorizationConfigurer.AuthorizedUrl extends java.lang.Object
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
access(java.lang.String attribute)
Allows specifying that URLs are secured by an arbitrary expressionExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
anonymous()
Specify that URLs are allowed by anonymous users.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
authenticated()
Specify that URLs are allowed by any authenticated user.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
denyAll()
Specify that URLs are not allowed by anyone.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
fullyAuthenticated()
Specify that URLs are allowed by users who have authenticated and were not "remembered".protected java.util.List<? extends RequestMatcher>
getMatchers()
ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
hasAnyAuthority(java.lang.String... authorities)
Specify that URLs requires any of a number authorities.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
hasAnyRole(java.lang.String... roles)
Shortcut for specifying URLs require any of a number of roles.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
hasAuthority(java.lang.String authority)
Specify that URLs require a particular authority.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
hasIpAddress(java.lang.String ipaddressExpression)
Specify that URLs requires a specific IP Address or subnet.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
hasRole(java.lang.String role)
Shortcut for specifying URLs require a particular role.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
not()
Negates the following expression.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
permitAll()
Specify that URLs are allowed by anyone.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
rememberMe()
Specify that URLs are allowed by users that have been remembered.
-
-
-
Method Detail
-
getMatchers
protected java.util.List<? extends RequestMatcher> getMatchers()
-
not
public ExpressionUrlAuthorizationConfigurer.AuthorizedUrl not()
Negates the following expression.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
hasRole
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasRole(java.lang.String role)
Shortcut for specifying URLs require a particular role. If you do not want to have role prefix (default "ROLE_") automatically inserted seehasAuthority(String)
.- Parameters:
role
- the role to require (i.e. USER, ADMIN, etc). Note, it should not start with role prefix as this is automatically inserted.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
hasAnyRole
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasAnyRole(java.lang.String... roles)
Shortcut for specifying URLs require any of a number of roles. If you do not want to have role prefix (default "ROLE_") automatically inserted seehasAnyAuthority(String...)
- Parameters:
roles
- the roles to require (i.e. USER, ADMIN, etc). Note, it should not start with role prefix as this is automatically inserted.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
hasAuthority
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasAuthority(java.lang.String authority)
Specify that URLs require a particular authority.- Parameters:
authority
- the authority to require (i.e. ROLE_USER, ROLE_ADMIN, etc).- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
hasAnyAuthority
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasAnyAuthority(java.lang.String... authorities)
Specify that URLs requires any of a number authorities.- Parameters:
authorities
- the requests require at least one of the authorities (i.e. "ROLE_USER","ROLE_ADMIN" would mean either "ROLE_USER" or "ROLE_ADMIN" is required).- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
hasIpAddress
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasIpAddress(java.lang.String ipaddressExpression)
Specify that URLs requires a specific IP Address or subnet.- Parameters:
ipaddressExpression
- the ipaddress (i.e. 192.168.1.79) or local subnet (i.e. 192.168.0/24)- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
permitAll
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry permitAll()
Specify that URLs are allowed by anyone.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
anonymous
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry anonymous()
Specify that URLs are allowed by anonymous users.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
rememberMe
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry rememberMe()
Specify that URLs are allowed by users that have been remembered.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization - See Also:
RememberMeConfigurer
-
denyAll
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry denyAll()
Specify that URLs are not allowed by anyone.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
authenticated
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authenticated()
Specify that URLs are allowed by any authenticated user.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
fullyAuthenticated
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry fullyAuthenticated()
Specify that URLs are allowed by users who have authenticated and were not "remembered".- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization - See Also:
RememberMeConfigurer
-
access
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry access(java.lang.String attribute)
Allows specifying that URLs are secured by an arbitrary expression- Parameters:
attribute
- the expression to secure the URLs (i.e. "hasRole('ROLE_USER') and hasRole('ROLE_SUPER')")- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customization
-
-