spring-security-web

org.springframework.security.web.access.intercept
Class DefaultFilterInvocationSecurityMetadataSource

java.lang.Object
  extended by org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
All Implemented Interfaces:
AopInfrastructureBean, org.springframework.security.access.SecurityMetadataSource, FilterInvocationSecurityMetadataSource
Direct Known Subclasses:
ExpressionBasedFilterInvocationSecurityMetadataSource

public class DefaultFilterInvocationSecurityMetadataSource
extends Object
implements FilterInvocationSecurityMetadataSource

Default implementation of FilterInvocationDefinitionSource.

Stores an ordered map of compiled URL paths to ConfigAttribute lists and provides URL matching against the items stored in this map using the configured UrlMatcher.

The order of the URL paths in the map is very important. The system will identify the first matching path for a given HTTP URL. It will not proceed to evaluate later paths if a match has already been found. Accordingly, the most specific matches should be registered first, with the most general matches registered last.

If URL paths are registered for a particular HTTP method using, then the method-specific matches will take precedence over any URLs which are registered without an HTTP method.

Author:
Ben Alex, Luke Taylor

Field Summary
protected  org.apache.commons.logging.Log logger
           
 
Constructor Summary
DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher, LinkedHashMap<RequestKey,Collection<org.springframework.security.access.ConfigAttribute>> requestMap)
          Builds the internal request map from the supplied map.
 
Method Summary
 Collection<org.springframework.security.access.ConfigAttribute> getAllConfigAttributes()
           
 Collection<org.springframework.security.access.ConfigAttribute> getAttributes(Object object)
           
protected  UrlMatcher getUrlMatcher()
           
 boolean isConvertUrlToLowercaseBeforeComparison()
           
 Collection<org.springframework.security.access.ConfigAttribute> lookupAttributes(String url, String method)
          Performs the actual lookup of the relevant ConfigAttributes for the given FilterInvocation.
 void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)
           
 boolean supports(Class<?> clazz)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected final org.apache.commons.logging.Log logger
Constructor Detail

DefaultFilterInvocationSecurityMetadataSource

public DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
                                                     LinkedHashMap<RequestKey,Collection<org.springframework.security.access.ConfigAttribute>> requestMap)
Builds the internal request map from the supplied map. The key elements should be of type RequestKey, which contains a URL path and an optional HTTP method (may be null). The path stored in the key will depend on the type of the supplied UrlMatcher.

Parameters:
urlMatcher - typically an ant or regular expression matcher.
requestMap - order-preserving map of request definitions to attribute lists
Method Detail

getAllConfigAttributes

public Collection<org.springframework.security.access.ConfigAttribute> getAllConfigAttributes()
Specified by:
getAllConfigAttributes in interface org.springframework.security.access.SecurityMetadataSource

getAttributes

public Collection<org.springframework.security.access.ConfigAttribute> getAttributes(Object object)
Specified by:
getAttributes in interface org.springframework.security.access.SecurityMetadataSource

lookupAttributes

public final Collection<org.springframework.security.access.ConfigAttribute> lookupAttributes(String url,
                                                                                              String method)
Performs the actual lookup of the relevant ConfigAttributes for the given FilterInvocation.

By default, iterates through the stored URL map and calls the UrlMatcher.pathMatchesUrl(Object path, String url) method until a match is found.

Parameters:
url - the URI to retrieve configuration attributes for
method - the HTTP method (GET, POST, DELETE...), or null for any method.
Returns:
the ConfigAttributes that apply to the specified FilterInvocation or null if no match is found

supports

public boolean supports(Class<?> clazz)
Specified by:
supports in interface org.springframework.security.access.SecurityMetadataSource

getUrlMatcher

protected UrlMatcher getUrlMatcher()

isConvertUrlToLowercaseBeforeComparison

public boolean isConvertUrlToLowercaseBeforeComparison()

setStripQueryStringFromUrls

public void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)

spring-security-web