Package org.springframework.security.config.annotation.web.configurers

Class AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.ServletAuthorizedUrl

java.lang.Object

org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.ServletAuthorizedUrl

Enclosing class:

AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

public final class AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.ServletAuthorizedUrl
extends Object

An object that allows configuring the AuthorizationManager for RequestMatchers.

Since:

6.2

Method Summary

Modifier and Type	Method	Description
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	access(AuthorizationManager<RequestAuthorizationContext> manager)	Allows specifying a custom AuthorizationManager.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	anonymous()	Specify that URLs are allowed by anonymous users.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	authenticated()	Specify that URLs are allowed by any authenticated user.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	denyAll()	Specify that URLs are not allowed by anyone.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	fullyAuthenticated()	Specify that URLs are allowed by users who have authenticated and were not "remembered".
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	hasAnyAuthority(String... authorities)	Specifies that a user requires one of many authorities.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	hasAnyRole(String... roles)	Specifies that a user requires one of many roles.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	hasAuthority(String authority)	Specifies a user requires an authority.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	hasRole(String role)	Specifies a user requires a role.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	permitAll()	Specify that URLs are allowed by anyone.
AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry	rememberMe()	Specify that URLs are allowed by users that have been remembered.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

permitAll

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry permitAll()

Specify that URLs are allowed by anyone.

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

denyAll

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry denyAll()

Specify that URLs are not allowed by anyone.

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

hasRole

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasRole(String role)

Specifies a user requires a role.

Parameters:

role - the role that should be required which is prepended with ROLE_ automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_

Returns:

AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

hasAnyRole

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasAnyRole(String... roles)

Specifies that a user requires one of many roles.

Parameters:

roles - the roles that the user should have at least one of (i.e. ADMIN, USER, etc). Each role should not start with ROLE_ since it is automatically prepended already

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

hasAuthority

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasAuthority(String authority)

Specifies a user requires an authority.

Parameters:

authority - the authority that should be required

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

hasAnyAuthority

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry hasAnyAuthority(String... authorities)

Specifies that a user requires one of many authorities.

Parameters:

authorities - the authorities that the user should have at least one of (i.e. ROLE_USER, ROLE_ADMIN, etc)

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

authenticated

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry authenticated()

Specify that URLs are allowed by any authenticated user.

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations

fullyAuthenticated

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry fullyAuthenticated()

Specify that URLs are allowed by users who have authenticated and were not "remembered".

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customization

See Also:

• RememberMeConfigurer

rememberMe

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry rememberMe()

Specify that URLs are allowed by users that have been remembered.

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customization

Since:

5.8

See Also:

• RememberMeConfigurer

anonymous

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry anonymous()

Specify that URLs are allowed by anonymous users.

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customization

Since:

5.8

access

public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry.AuthorizationManagerServletRequestMatcherRegistry access(AuthorizationManager<RequestAuthorizationContext> manager)

Allows specifying a custom AuthorizationManager.

Parameters:

manager - the AuthorizationManager to use

Returns:

the AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry for further customizations