H - the type of HttpSecurityBuilder that is being configuredpublic final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
DefaultFilterInvocationSecurityMetadataSource. At least one
RequestMapping needs to be mapped to
ConfigAttribute's for this SecurityContextConfigurer to have meaning.
Usage includes applying the UrlAuthorizationConfigurer and then modifying the
StandardInterceptUrlRegistry. For example:
protected void configure(HttpSecurity http) throws Exception {
http.apply(new UrlAuthorizationConfigurer<HttpSecurity>()).getRegistry()
.antMatchers("/users**", "/sessions/**").hasRole("USER")
.antMatchers("/signup").hasRole("ANONYMOUS").anyRequest().hasRole("USER");
}
The following Filters are populated
FilterSecurityInterceptorSecurityConfigurer's to
customize:
FilterSecurityInterceptorExpressionUrlAuthorizationConfigurer| Modifier and Type | Class and Description |
|---|---|
class |
UrlAuthorizationConfigurer.AuthorizedUrl
Maps the specified
RequestMatcher instances to ConfigAttribute
instances. |
class |
UrlAuthorizationConfigurer.StandardInterceptUrlRegistry |
| Constructor and Description |
|---|
UrlAuthorizationConfigurer() |
| Modifier and Type | Method and Description |
|---|---|
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder. |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
UrlAuthorizationConfigurer.StandardInterceptUrlRegistry |
getRegistry()
The StandardInterceptUrlRegistry is what users will interact with after applying
the
UrlAuthorizationConfigurer. |
UrlAuthorizationConfigurer<H> |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
Adds an
ObjectPostProcessor for this class. |
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilderpublic UrlAuthorizationConfigurer.StandardInterceptUrlRegistry getRegistry()
UrlAuthorizationConfigurer.public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
ObjectPostProcessor for this class.objectPostProcessor - UrlAuthorizationConfigurer for further customizationspublic void configure(H http)
throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties on the
SecurityBuilder.configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>Exceptionpublic B disable()
AbstractHttpConfigurer by removing it. After doing so a fresh
version of the configuration can be applied.HttpSecurityBuilder for additional customizations