Package org.springframework.security.web.access.intercept

Class DefaultFilterInvocationSecurityMetadataSource

java.lang.Object
org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, SecurityMetadataSource, FilterInvocationSecurityMetadataSource
Direct Known Subclasses:
ExpressionBasedFilterInvocationSecurityMetadataSource
public class DefaultFilterInvocationSecurityMetadataSource extends Object implements FilterInvocationSecurityMetadataSource
Default implementation of FilterInvocationDefinitionSource.

Stores an ordered map of RequestMatchers to ConfigAttribute collections and provides matching of FilterInvocations against the items stored in the map.

The order of the RequestMatchers in the map is very important. The first one which matches the request will be used. Later matchers in the map will not be invoked if a match has already been found. Accordingly, the most specific matchers should be registered first, with the most general matches registered last.

The most common method creating an instance is using the Spring Security namespace. For example, the pattern and access attributes of the <intercept-url> elements defined as children of the <http> element are combined to build the instance used by the FilterSecurityInterceptor.

  • Field Details

    • logger

      protected final org.apache.commons.logging.Log logger

  • Constructor Details

    • DefaultFilterInvocationSecurityMetadataSource

      public DefaultFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher,Collection<ConfigAttribute>> requestMap)
      Sets the internal request map from the supplied map. The key elements should be of type RequestMatcher, which. The path stored in the key will depend on the type of the supplied UrlMatcher.
      Parameters:
      requestMap - order-preserving map of request definitions to attribute lists

  • Method Details

    • getAllConfigAttributes

      public Collection<ConfigAttribute> getAllConfigAttributes()
      Description copied from interface: SecurityMetadataSource
      If available, returns all of the ConfigAttributes defined by the implementing class.

      This is used by the AbstractSecurityInterceptor to perform startup time validation of each ConfigAttribute configured against it.

      Specified by:
      getAllConfigAttributes in interface SecurityMetadataSource
      Returns:
      the ConfigAttributes or null if unsupported

    • getAttributes

      public Collection<ConfigAttribute> getAttributes(Object object)
      Description copied from interface: SecurityMetadataSource
      Accesses the ConfigAttributes that apply to a given secure object.
      Specified by:
      getAttributes in interface SecurityMetadataSource
      Parameters:
      object - the object being secured
      Returns:
      the attributes that apply to the passed in secured object. Should return an empty collection if there are no applicable attributes.

    • supports

      public boolean supports(Class<?> clazz)
      Description copied from interface: SecurityMetadataSource
      Indicates whether the SecurityMetadataSource implementation is able to provide ConfigAttributes for the indicated secure object type.
      Specified by:
      supports in interface SecurityMetadataSource
      Parameters:
      clazz - the class that is being queried
      Returns:
      true if the implementation can process the indicated class