Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.web.access.intercept.AuthorizationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class AuthorizationFilter
extends org.springframework.web.filter.OncePerRequestFilter

An authorization filter that restricts access to the URL using AuthorizationManager.

Since:

5.5

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)	Creates an instance.

Method Summary

Modifier and Type	Method	Description
protected void	doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
protected void	doFilterNestedErrorDispatch(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
AuthorizationManager<javax.servlet.http.HttpServletRequest>	getAuthorizationManager()	Gets the AuthorizationManager used by this filter
void	setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)	Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
void	setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)	Sets whether to filter all dispatcher types.
protected boolean	shouldNotFilterAsyncDispatch()
protected boolean	shouldNotFilterErrorDispatch()

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationFilter

public AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)

Creates an instance.

Parameters:

authorizationManager - the AuthorizationManager to use

Method Detail

doFilterInternal

protected void doFilterInternal(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

javax.servlet.ServletException

java.io.IOException

doFilterNestedErrorDispatch

protected void doFilterNestedErrorDispatch(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           javax.servlet.FilterChain filterChain)
                                    throws javax.servlet.ServletException,
                                           java.io.IOException

Overrides:

doFilterNestedErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter

Throws:

javax.servlet.ServletException

java.io.IOException

shouldNotFilterAsyncDispatch

protected boolean shouldNotFilterAsyncDispatch()

Overrides:

shouldNotFilterAsyncDispatch in class org.springframework.web.filter.OncePerRequestFilter

shouldNotFilterErrorDispatch

protected boolean shouldNotFilterErrorDispatch()

Overrides:

shouldNotFilterErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter

setAuthorizationEventPublisher

public void setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)

Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.

Parameters:

eventPublisher - the ApplicationEventPublisher to use

Since:

5.7

getAuthorizationManager

public AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()

Gets the AuthorizationManager used by this filter

Returns:

the AuthorizationManager

setShouldFilterAllDispatcherTypes

public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)

Sets whether to filter all dispatcher types.

Parameters:

shouldFilterAllDispatcherTypes - should filter all dispatcher types. Default is false

Since:

5.7