Class AuthorizeHttpRequestsConfigurer.AuthorizedUrl
java.lang.Object
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
- Enclosing class:
- AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>
An object that allows configuring the
AuthorizationManager
for
RequestMatcher
s.-
Nested Class Summary
Modifier and TypeClassDescriptionfinal class
An object that allows configuringRequestMatcher
s with URI path variables -
Method Summary
Modifier and TypeMethodDescriptionAllows specifying a customAuthorizationManager
.Specify that URLs are allowed by anonymous users.Specify that URLs are allowed by any authenticated user.denyAll()
Specify that URLs are not allowed by anyone.Specify that URLs are allowed by users who have authenticated and were not "remembered".protected List<? extends RequestMatcher>
hasAnyAuthority
(String... authorities) Specifies that a user requires one of many authorities.hasAnyRole
(String... roles) Specifies that a user requires one of many roles.hasAuthority
(String authority) Specifies a user requires an authority.Specifies a user requires a role.hasVariable
(String variable) Specify that a path variable in URL to be compared.not()
Negates the following authorization rule.Specify that URLs are allowed by anyone.Specify that URLs are allowed by users that have been remembered.
-
Method Details
-
getMatchers
-
not
Negates the following authorization rule.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizedUrl
for further customization - Since:
- 6.3
-
permitAll
Specify that URLs are allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
denyAll
Specify that URLs are not allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasRole(String role) Specifies a user requires a role.- Parameters:
role
- the role that should be required which is prepended with ROLE_ automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_- Returns:
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyRole(String... roles) Specifies that a user requires one of many roles.- Parameters:
roles
- the roles that the user should have at least one of (i.e. ADMIN, USER, etc). Each role should not start with ROLE_ since it is automatically prepended already- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAuthority(String authority) Specifies a user requires an authority.- Parameters:
authority
- the authority that should be required- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyAuthority(String... authorities) Specifies that a user requires one of many authorities.- Parameters:
authorities
- the authorities that the user should have at least one of (i.e. ROLE_USER, ROLE_ADMIN, etc)- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
authenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry authenticated()Specify that URLs are allowed by any authenticated user.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
fullyAuthenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry fullyAuthenticated()Specify that URLs are allowed by users who have authenticated and were not "remembered".- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
- See Also:
-
rememberMe
Specify that URLs are allowed by users that have been remembered.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
- See Also:
-
anonymous
Specify that URLs are allowed by anonymous users.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
-
hasVariable
public AuthorizeHttpRequestsConfigurer<H>.AuthorizedUrl.AuthorizedUrlVariable hasVariable(String variable) Specify that a path variable in URL to be compared.For example,
requestMatchers("/user/{username}").hasVariable("username").equalTo(Authentication::getName)
- Parameters:
variable
- the variable in URL template to compare.- Returns:
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizedUrl.AuthorizedUrlVariable
for further customization.- Since:
- 6.3
-
access
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry access(AuthorizationManager<RequestAuthorizationContext> manager) Allows specifying a customAuthorizationManager
.- Parameters:
manager
- theAuthorizationManager
to use- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-