Class AuthorizeHttpRequestsConfigurer.AuthorizedUrl
java.lang.Object
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
- Direct Known Subclasses:
AuthorizeHttpRequestsConfigurer.MvcMatchersAuthorizedUrl
- Enclosing class:
- AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>
An object that allows configuring the
AuthorizationManager
for
RequestMatcher
s.-
Method Summary
Modifier and TypeMethodDescriptionAllows specifying a customAuthorizationManager
.Specify that URLs are allowed by any authenticated user.denyAll()
Specify that URLs are not allowed by anyone.protected List<? extends RequestMatcher>
hasAnyAuthority
(String... authorities) Specifies that a user requires one of many authorities.hasAnyRole
(String... roles) Specifies that a user requires one of many roles.hasAuthority
(String authority) Specifies a user requires an authority.Specifies a user requires a role.Specify that URLs are allowed by anyone.
-
Method Details
-
getMatchers
-
permitAll
Specify that URLs are allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
denyAll
Specify that URLs are not allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasRole(String role) Specifies a user requires a role.- Parameters:
role
- the role that should be required which is prepended with ROLE_ automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_- Returns:
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyRole(String... roles) Specifies that a user requires one of many roles.- Parameters:
roles
- the roles that the user should have at least one of (i.e. ADMIN, USER, etc). Each role should not start with ROLE_ since it is automatically prepended already- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAuthority(String authority) Specifies a user requires an authority.- Parameters:
authority
- the authority that should be required- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyAuthority(String... authorities) Specifies that a user requires one of many authorities.- Parameters:
authorities
- the authorities that the user should have at least one of (i.e. ROLE_USER, ROLE_ADMIN, etc)- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
authenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry authenticated()Specify that URLs are allowed by any authenticated user.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
access
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry access(AuthorizationManager<RequestAuthorizationContext> manager) Allows specifying a customAuthorizationManager
.- Parameters:
manager
- theAuthorizationManager
to use- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-