Class AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.ServletAuthorizedUrl
java.lang.Object
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.ServletAuthorizedUrl
public final class AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.ServletAuthorizedUrl
extends Object
An object that allows configuring the
AuthorizationManager
for
RequestMatcher
s.- Since:
- 6.2
-
Method Summary
Modifier and TypeMethodDescriptionAuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Allows specifying a customAuthorizationManager
.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Specify that URLs are allowed by anonymous users.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Specify that URLs are allowed by any authenticated user.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
denyAll()
Specify that URLs are not allowed by anyone.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Specify that URLs are allowed by users who have authenticated and were not "remembered".AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
hasAnyAuthority
(String... authorities) Specifies that a user requires one of many authorities.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
hasAnyRole
(String... roles) Specifies that a user requires one of many roles.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
hasAuthority
(String authority) Specifies a user requires an authority.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Specifies a user requires a role.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Specify that URLs are allowed by anyone.AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry
Specify that URLs are allowed by users that have been remembered.
-
Method Details
-
permitAll
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry permitAll()Specify that URLs are allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
denyAll
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry denyAll()Specify that URLs are not allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasRole(String role) Specifies a user requires a role.- Parameters:
role
- the role that should be required which is prepended with ROLE_ automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_- Returns:
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasAnyRole(String... roles) Specifies that a user requires one of many roles.- Parameters:
roles
- the roles that the user should have at least one of (i.e. ADMIN, USER, etc). Each role should not start with ROLE_ since it is automatically prepended already- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasAuthority(String authority) Specifies a user requires an authority.- Parameters:
authority
- the authority that should be required- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasAnyAuthority(String... authorities) Specifies that a user requires one of many authorities.- Parameters:
authorities
- the authorities that the user should have at least one of (i.e. ROLE_USER, ROLE_ADMIN, etc)- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
authenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry authenticated()Specify that URLs are allowed by any authenticated user.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
fullyAuthenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry fullyAuthenticated()Specify that URLs are allowed by users who have authenticated and were not "remembered".- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - See Also:
-
rememberMe
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry rememberMe()Specify that URLs are allowed by users that have been remembered.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
- See Also:
-
anonymous
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry anonymous()Specify that URLs are allowed by anonymous users.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
-
access
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry access(AuthorizationManager<RequestAuthorizationContext> manager) Allows specifying a customAuthorizationManager
.- Parameters:
manager
- theAuthorizationManager
to use- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-