Class AuthorizationFilter
- java.lang.Object
-
- org.springframework.web.filter.GenericFilterBean
-
- org.springframework.security.web.access.intercept.AuthorizationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class AuthorizationFilter extends org.springframework.web.filter.GenericFilterBean
An authorization filter that restricts access to the URL usingAuthorizationManager
.- Since:
- 5.5
-
-
Constructor Summary
Constructors Constructor Description AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
Creates an instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)
AuthorizationManager<javax.servlet.http.HttpServletRequest>
getAuthorizationManager()
Gets theAuthorizationManager
used by this filterboolean
isObserveOncePerRequest()
void
setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)
Use thisAuthorizationEventPublisher
to publishAuthorizationDeniedEvent
s andAuthorizationGrantedEvent
s.void
setFilterAsyncDispatch(boolean filterAsyncDispatch)
If set to true, the filter will be applied to the async dispatcher.void
setFilterErrorDispatch(boolean filterErrorDispatch)
If set to true, the filter will be applied to error dispatcher.void
setObserveOncePerRequest(boolean observeOncePerRequest)
Sets whether this filter apply only once per request.void
setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets theSecurityContextHolderStrategy
to use.void
setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)
Sets whether to filter all dispatcher types.
-
-
-
Constructor Detail
-
AuthorizationFilter
public AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
Creates an instance.- Parameters:
authorizationManager
- theAuthorizationManager
to use
-
-
Method Detail
-
doFilter
public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain) throws javax.servlet.ServletException, java.io.IOException
- Throws:
javax.servlet.ServletException
java.io.IOException
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setAuthorizationEventPublisher
public void setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)
Use thisAuthorizationEventPublisher
to publishAuthorizationDeniedEvent
s andAuthorizationGrantedEvent
s.- Parameters:
eventPublisher
- theApplicationEventPublisher
to use- Since:
- 5.7
-
getAuthorizationManager
public AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()
Gets theAuthorizationManager
used by this filter- Returns:
- the
AuthorizationManager
-
setShouldFilterAllDispatcherTypes
public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)
Sets whether to filter all dispatcher types.- Parameters:
shouldFilterAllDispatcherTypes
- should filter all dispatcher types. Default isfalse
- Since:
- 5.7
-
isObserveOncePerRequest
public boolean isObserveOncePerRequest()
-
setObserveOncePerRequest
public void setObserveOncePerRequest(boolean observeOncePerRequest)
Sets whether this filter apply only once per request. By default, this istrue
, meaning the filter will only execute once per request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.- Parameters:
observeOncePerRequest
- whether the filter should only be applied once per request
-
setFilterErrorDispatch
public void setFilterErrorDispatch(boolean filterErrorDispatch)
If set to true, the filter will be applied to error dispatcher. Defaults to false.- Parameters:
filterErrorDispatch
- whether the filter should be applied to error dispatcher
-
setFilterAsyncDispatch
public void setFilterAsyncDispatch(boolean filterAsyncDispatch)
If set to true, the filter will be applied to the async dispatcher. Defaults to false.- Parameters:
filterAsyncDispatch
- whether the filter should be applied to async dispatch
-
-