Class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<C,H>
org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer<H>
- Type Parameters:
H
- the type ofHttpSecurityBuilder
that is being configured
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,
H>
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
Adds URL based authorization using
DefaultFilterInvocationSecurityMetadataSource
. At least one
RequestMapping
needs to be mapped to
ConfigAttribute
's for this SecurityContextConfigurer
to have meaning.
Security Filters
Usage includes applying the UrlAuthorizationConfigurer
and then modifying the
StandardInterceptUrlRegistry. For example:
protected void configure(HttpSecurity http) throws Exception { http.apply(new UrlAuthorizationConfigurer<HttpSecurity>()).getRegistry() .antMatchers("/users**", "/sessions/**").hasRole("USER") .antMatchers("/signup").hasRole("ANONYMOUS").anyRequest().hasRole("USER"); }The following Filters are populated
Shared Objects Created
The following shared objects are populated to allow otherSecurityConfigurer
's to
customize:
Shared Objects Used
The following shared objects are used:- AuthenticationManager
- Since:
- 3.2
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionclass
Maps the specifiedRequestMatcher
instances toConfigAttribute
instances.final class
AnUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizedUrl
that allows optionally configuring theMvcRequestMatcher.setMethod(HttpMethod)
final class
Nested classes/interfaces inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,
H>.AbstractInterceptUrlRegistry<R, T>, T> -
Constructor Summary
ConstructorDescriptionUrlAuthorizationConfigurer
(org.springframework.context.ApplicationContext context) -
Method Summary
Modifier and TypeMethodDescriptionThe StandardInterceptUrlRegistry is what users will interact with after applying theUrlAuthorizationConfigurer
.withObjectPostProcessor
(ObjectPostProcessor<?> objectPostProcessor) Adds anObjectPostProcessor
for this class.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
configure
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
Constructor Details
-
UrlAuthorizationConfigurer
public UrlAuthorizationConfigurer(org.springframework.context.ApplicationContext context)
-
-
Method Details
-
getRegistry
The StandardInterceptUrlRegistry is what users will interact with after applying theUrlAuthorizationConfigurer
.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customizations
-
withObjectPostProcessor
public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Adds anObjectPostProcessor
for this class.- Overrides:
withObjectPostProcessor
in classAbstractHttpConfigurer<UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>,
H extends HttpSecurityBuilder<H>> - Parameters:
objectPostProcessor
-- Returns:
- the
UrlAuthorizationConfigurer
for further customizations
-