Class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<C,H>
org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer<H>
- Type Parameters:
H- the type ofHttpSecurityBuilderthat is being configured
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
@Deprecated
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
Deprecated.
Adds URL based authorization using
DefaultFilterInvocationSecurityMetadataSource. At least one
RequestMapping needs to be mapped to
ConfigAttribute's for this SecurityContextConfigurer to have meaning.
Security Filters
Usage includes applying the UrlAuthorizationConfigurer and then modifying the
StandardInterceptUrlRegistry. For example:
protected void configure(HttpSecurity http) throws Exception {
http.apply(new UrlAuthorizationConfigurer<HttpSecurity>()).getRegistry()
.requestMatchers("/users**", "/sessions/**").hasRole("USER")
.requestMatchers("/signup").hasRole("ANONYMOUS").anyRequest().hasRole("USER");
}
The following Filters are populated
Shared Objects Created
The following shared objects are populated to allow otherSecurityConfigurer's to
customize:
Shared Objects Used
The following shared objects are used:- AuthenticationManager
- Since:
- 3.2
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionclassDeprecated.Maps the specifiedRequestMatcherinstances toConfigAttributeinstances.final classDeprecated.Nested classes/interfaces inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,H>.AbstractInterceptUrlRegistry<R, T>, T> -
Constructor Summary
ConstructorsConstructorDescriptionUrlAuthorizationConfigurer(org.springframework.context.ApplicationContext context) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionDeprecated.The StandardInterceptUrlRegistry is what users will interact with after applying theUrlAuthorizationConfigurer.withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Deprecated.Adds anObjectPostProcessorfor this class.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
configureMethods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategyMethods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
Constructor Details
-
UrlAuthorizationConfigurer
public UrlAuthorizationConfigurer(org.springframework.context.ApplicationContext context) Deprecated.
-
-
Method Details
-
getRegistry
Deprecated.The StandardInterceptUrlRegistry is what users will interact with after applying theUrlAuthorizationConfigurer.- Returns:
- the
ExpressionUrlAuthorizationConfigurerfor further customizations
-
withObjectPostProcessor
public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Deprecated.Adds anObjectPostProcessorfor this class.- Overrides:
withObjectPostProcessorin classAbstractHttpConfigurer<UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>,H extends HttpSecurityBuilder<H>> - Parameters:
objectPostProcessor-- Returns:
- the
UrlAuthorizationConfigurerfor further customizations
-
AuthorizeHttpRequestsConfigurerinstead