Class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<C,H>
org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer<H>
- Type Parameters:
H
- the type ofHttpSecurityBuilder
that is being configured
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,
H>
@Deprecated
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
Deprecated.
Adds URL based authorization using
DefaultFilterInvocationSecurityMetadataSource
. At least one
RequestMapping
needs to be mapped to
ConfigAttribute
's for this SecurityContextConfigurer
to have meaning.
Security Filters
Usage includes applying the UrlAuthorizationConfigurer
and then modifying the
StandardInterceptUrlRegistry. For example:
@Bean public SecurityFilterChain filterChain(HttpSecurity http, ApplicationContext context) throws Exception { http.apply(new UrlAuthorizationConfigurer<HttpSecurity>(context)).getRegistry() .requestMatchers("/users**", "/sessions/**").hasRole("USER") .requestMatchers("/signup").hasRole("ANONYMOUS").anyRequest().hasRole("USER"); }The following Filters are populated
Shared Objects Created
The following shared objects are populated to allow otherSecurityConfigurer
's to
customize:
Shared Objects Used
The following shared objects are used:- AuthenticationManager
- Since:
- 3.2
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionclass
Deprecated.Maps the specifiedRequestMatcher
instances toConfigAttribute
instances.final class
Deprecated.Nested classes/interfaces inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,
H>.AbstractInterceptUrlRegistry<R, T>, T> -
Constructor Summary
ConstructorDescriptionUrlAuthorizationConfigurer
(org.springframework.context.ApplicationContext context) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionDeprecated.The StandardInterceptUrlRegistry is what users will interact with after applying theUrlAuthorizationConfigurer
.withObjectPostProcessor
(ObjectPostProcessor<?> objectPostProcessor) Deprecated.Adds anObjectPostProcessor
for this class.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
configure
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
Constructor Details
-
UrlAuthorizationConfigurer
public UrlAuthorizationConfigurer(org.springframework.context.ApplicationContext context) Deprecated.
-
-
Method Details
-
getRegistry
Deprecated.The StandardInterceptUrlRegistry is what users will interact with after applying theUrlAuthorizationConfigurer
.- Returns:
- the
ExpressionUrlAuthorizationConfigurer
for further customizations
-
withObjectPostProcessor
public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Deprecated.Adds anObjectPostProcessor
for this class.- Overrides:
withObjectPostProcessor
in classAbstractHttpConfigurer<UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>,
H extends HttpSecurityBuilder<H>> - Parameters:
objectPostProcessor
-- Returns:
- the
UrlAuthorizationConfigurer
for further customizations
-
AuthorizeHttpRequestsConfigurer
instead