Class ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
- Direct Known Subclasses:
ExpressionUrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl
- Enclosing class:
- ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
public class ExpressionUrlAuthorizationConfigurer.AuthorizedUrl extends java.lang.Object
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryaccess(java.lang.String attribute)Allows specifying that URLs are secured by an arbitrary expressionExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryanonymous()Specify that URLs are allowed by anonymous users.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryauthenticated()Specify that URLs are allowed by any authenticated user.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistrydenyAll()Specify that URLs are not allowed by anyone.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryfullyAuthenticated()Specify that URLs are allowed by users who have authenticated and were not "remembered".protected java.util.List<? extends RequestMatcher>getMatchers()ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryhasAnyAuthority(java.lang.String... authorities)Specify that URLs requires any of a number authorities.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryhasAnyRole(java.lang.String... roles)Shortcut for specifying URLs require any of a number of roles.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryhasAuthority(java.lang.String authority)Specify that URLs require a particular authority.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryhasIpAddress(java.lang.String ipaddressExpression)Specify that URLs requires a specific IP Address or subnet.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryhasRole(java.lang.String role)Shortcut for specifying URLs require a particular role.ExpressionUrlAuthorizationConfigurer.AuthorizedUrlnot()Negates the following expression.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistrypermitAll()Specify that URLs are allowed by anyone.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistryrememberMe()Specify that URLs are allowed by users that have been remembered.
-
-
-
Method Detail
-
getMatchers
protected java.util.List<? extends RequestMatcher> getMatchers()
-
not
public ExpressionUrlAuthorizationConfigurer.AuthorizedUrl not()
Negates the following expression.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
hasRole
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasRole(java.lang.String role)
Shortcut for specifying URLs require a particular role. If you do not want to have role prefix (default "ROLE_") automatically inserted seehasAuthority(String).- Parameters:
role- the role to require (i.e. USER, ADMIN, etc). Note, it should not start with role prefix as this is automatically inserted.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
hasAnyRole
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasAnyRole(java.lang.String... roles)
Shortcut for specifying URLs require any of a number of roles. If you do not want to have role prefix (default "ROLE_") automatically inserted seehasAnyAuthority(String...)- Parameters:
roles- the roles to require (i.e. USER, ADMIN, etc). Note, it should not start with role prefix as this is automatically inserted.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
hasAuthority
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasAuthority(java.lang.String authority)
Specify that URLs require a particular authority.- Parameters:
authority- the authority to require (i.e. ROLE_USER, ROLE_ADMIN, etc).- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
hasAnyAuthority
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasAnyAuthority(java.lang.String... authorities)
Specify that URLs requires any of a number authorities.- Parameters:
authorities- the requests require at least one of the authorities (i.e. "ROLE_USER","ROLE_ADMIN" would mean either "ROLE_USER" or "ROLE_ADMIN" is required).- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
hasIpAddress
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry hasIpAddress(java.lang.String ipaddressExpression)
Specify that URLs requires a specific IP Address or subnet.- Parameters:
ipaddressExpression- the ipaddress (i.e. 192.168.1.79) or local subnet (i.e. 192.168.0/24)- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
permitAll
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry permitAll()
Specify that URLs are allowed by anyone.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
anonymous
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry anonymous()
Specify that URLs are allowed by anonymous users.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
rememberMe
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry rememberMe()
Specify that URLs are allowed by users that have been remembered.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization - See Also:
RememberMeConfigurer
-
denyAll
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry denyAll()
Specify that URLs are not allowed by anyone.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
authenticated
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authenticated()
Specify that URLs are allowed by any authenticated user.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
fullyAuthenticated
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry fullyAuthenticated()
Specify that URLs are allowed by users who have authenticated and were not "remembered".- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization - See Also:
RememberMeConfigurer
-
access
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry access(java.lang.String attribute)
Allows specifying that URLs are secured by an arbitrary expression- Parameters:
attribute- the expression to secure the URLs (i.e. "hasRole('ROLE_USER') and hasRole('ROLE_SUPER')")- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customization
-
-