Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.web.filter.OncePerRequestFilter

org.springframework.security.web.access.intercept.AuthorizationFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class AuthorizationFilter
extends org.springframework.web.filter.OncePerRequestFilter

An authorization filter that restricts access to the URL using AuthorizationManager.

Since:

5.5

Field Summary

Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
AuthorizationFilter(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager)	Creates an instance.

Method Summary

Modifier and Type	Method	Description
protected void	doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
AuthorizationManager<jakarta.servlet.http.HttpServletRequest>	getAuthorizationManager()	Gets the AuthorizationManager used by this filter

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthorizationFilter

public AuthorizationFilter(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager)

Creates an instance.

Parameters:

authorizationManager - the AuthorizationManager to use

Method Details

doFilterInternal

protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 jakarta.servlet.FilterChain filterChain)
                         throws jakarta.servlet.ServletException,
IOException

Specified by:

doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter

Throws:

jakarta.servlet.ServletException

IOException

getAuthorizationManager

public AuthorizationManager<jakarta.servlet.http.HttpServletRequest> getAuthorizationManager()

Gets the AuthorizationManager used by this filter

Returns:

the AuthorizationManager