H - the type of HttpSecurityBuilder that is being configured
C - the type of object that is being chained

public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

DefaultFilterInvocationSecurityMetadataSource. At least one RequestMapping needs to be mapped to ConfigAttribute's for this SecurityContextConfigurer to have meaning.

Usage includes applying the UrlAuthorizationConfigurer and then modifying the StandardInterceptUrlRegistry. For example:

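```java
protected void configure(HttpSecurity http) throws Exception {
    // The type argument is needed: with a raw UrlAuthorizationConfigurer the
    // chained calls below lose their return types and do not compile.
    http
        .apply(new UrlAuthorizationConfigurer<HttpSecurity>()).getRegistry()
            // Rules are consulted in the order they are declared.
            .antMatchers("/users**", "/sessions/**").hasRole("USER")
            .antMatchers("/signup").hasRole("ANONYMOUS")
            // Everything not matched above requires the USER role.
            .anyRequest().hasRole("USER");
}
```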
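
Added example (not part of the Spring Security documentation or code base): the rules registered above are consulted in declaration order and the first matching pattern decides, so this program traces the page's three patterns, plus `/**` standing in for `anyRequest()`, over constructed sample paths. It assumes spring-core is on the classpath and uses `AntPathMatcher` directly as a stand-in for the request matchers that `antMatchers` builds; `RuleTrace` and `firstMatch` are hypothetical names.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Added illustration, not Spring Security code; RuleTrace and firstMatch are hypothetical names.
public class RuleTrace {

    // Same patterns, roles and order as the configure() example on this page.
    // hasRole("X") is stored as the attribute "ROLE_X"; "/**" stands in for anyRequest().
    static final Map<String, String> RULES = new LinkedHashMap<>();
    static {
        RULES.put("/users**", "ROLE_USER");
        RULES.put("/sessions/**", "ROLE_USER");
        RULES.put("/signup", "ROLE_ANONYMOUS");
        RULES.put("/**", "ROLE_USER");
    }

    // Assumption: AntPathMatcher is used here in place of the matchers antMatchers() creates.
    static final AntPathMatcher ANT = new AntPathMatcher();

    /** Returns "pattern -> attribute" for the first rule whose pattern matches the path. */
    static String firstMatch(String path) {
        for (Map.Entry<String, String> rule : RULES.entrySet()) {
            if (ANT.match(rule.getKey(), path)) {
                return rule.getKey() + " -> " + rule.getValue();
            }
        }
        return "no rule";
    }

    public static void main(String[] args) {
        // Constructed sample request paths, chosen to exercise each rule and its edges.
        String[] paths = {
            "/users", "/users/42", "/users.json",
            "/sessions/1/renew", "/signup", "/signup/", "/admin"
        };
        for (String path : paths) {
            System.out.printf("%-20s %s%n", path, firstMatch(path));
        }
    }
}
```

`/users**` has no path separator before its wildcard, so `/users/42` is decided by the catch-all rule rather than the first one; use `/users/**` when sub-paths must fall under the same rule.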

The following Filters are populated
FilterSecurityInterceptor

SecurityConfigurer's to customize:
FilterSecurityInterceptor

org.springframework.security.config.annotation.web.builders.HttpSecurity#getAuthenticationManager()

ExpressionUrlAuthorizationConfigurer

| Modifier and Type | Class and Description |
|---|---|
| class | UrlAuthorizationConfigurer.AuthorizedUrl Maps the specified RequestMatcher instances to ConfigAttribute instances. |
| class | UrlAuthorizationConfigurer.StandardInterceptUrlRegistry |

| Constructor and Description |
|---|
| UrlAuthorizationConfigurer() |

| Modifier and Type | Method and Description |
|---|---|
| void | configure(H http) Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder. |
| B | disable() Disables the AbstractHttpConfigurer by removing it. |
| UrlAuthorizationConfigurer.StandardInterceptUrlRegistry | getRegistry() The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer. |
| UrlAuthorizationConfigurer<H> | withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Adds an ObjectPostProcessor for this class. |

addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder

public UrlAuthorizationConfigurer.StandardInterceptUrlRegistry getRegistry()

The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer.

public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)

Adds an ObjectPostProcessor for this class.

objectPostProcessor -

UrlAuthorizationConfigurer for further customizations

public void configure(H http) throws Exception

SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Exception

public B disable()

Disables the AbstractHttpConfigurer by removing it. After doing so, a fresh version of the configuration can be applied.

HttpSecurityBuilder for additional customizations