Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.access.intercept.AuthorizationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class AuthorizationFilter
extends org.springframework.web.filter.GenericFilterBean

An authorization filter that restricts access to the URL using AuthorizationManager.

Since:

5.5

Field Summary

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)	Creates an instance.

Method Summary

Modifier and Type	Method	Description
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)
AuthorizationManager<javax.servlet.http.HttpServletRequest>	getAuthorizationManager()	Gets the AuthorizationManager used by this filter
boolean	isObserveOncePerRequest()
void	setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)	Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
void	setFilterAsyncDispatch(boolean filterAsyncDispatch)	If set to true, the filter will be applied to the async dispatcher.
void	setFilterErrorDispatch(boolean filterErrorDispatch)	If set to true, the filter will be applied to error dispatcher.
void	setObserveOncePerRequest(boolean observeOncePerRequest)	Sets whether this filter apply only once per request.
void	setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)	Sets the SecurityContextHolderStrategy to use.
void	setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)	Sets whether to filter all dispatcher types.

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationFilter

public AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)

Creates an instance.

Parameters:

authorizationManager - the AuthorizationManager to use

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain chain)
              throws javax.servlet.ServletException,
                     java.io.IOException

Throws:

javax.servlet.ServletException

java.io.IOException

setSecurityContextHolderStrategy

public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)

Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.

Since:

5.8

setAuthorizationEventPublisher

public void setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)

Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.

Parameters:

eventPublisher - the ApplicationEventPublisher to use

Since:

5.7

getAuthorizationManager

public AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()

Gets the AuthorizationManager used by this filter

Returns:

the AuthorizationManager

setShouldFilterAllDispatcherTypes

public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)

Sets whether to filter all dispatcher types.

Parameters:

shouldFilterAllDispatcherTypes - should filter all dispatcher types. Default is false

Since:

5.7

isObserveOncePerRequest

public boolean isObserveOncePerRequest()

setObserveOncePerRequest

public void setObserveOncePerRequest(boolean observeOncePerRequest)

Sets whether this filter apply only once per request. By default, this is true, meaning the filter will only execute once per request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.

Parameters:

observeOncePerRequest - whether the filter should only be applied once per request

setFilterErrorDispatch

public void setFilterErrorDispatch(boolean filterErrorDispatch)

If set to true, the filter will be applied to error dispatcher. Defaults to false.

Parameters:

filterErrorDispatch - whether the filter should be applied to error dispatcher

setFilterAsyncDispatch

public void setFilterAsyncDispatch(boolean filterAsyncDispatch)

If set to true, the filter will be applied to the async dispatcher. Defaults to false.

Parameters:

filterAsyncDispatch - whether the filter should be applied to async dispatch