|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectorg.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
public class DefaultFilterInvocationSecurityMetadataSource
Default implementation of FilterInvocationDefinitionSource.
Stores an ordered map of compiled URL paths to ConfigAttribute lists and provides URL matching against the items stored in this map using the configured UrlMatcher.
The order of the URL paths in the map is very important. The system will identify the first matching path for a given HTTP URL. It will not proceed to evaluate later paths if a match has already been found. Accordingly, the most specific matches should be registered first, with the most general matches registered last.
If URL paths are registered for a particular HTTP method using, then the method-specific matches will take precedence over any URLs which are registered without an HTTP method.
| Field Summary | |
|---|---|
protected org.apache.commons.logging.Log |
logger
|
| Constructor Summary | |
|---|---|
DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
LinkedHashMap<RequestKey,Collection<ConfigAttribute>> requestMap)
Builds the internal request map from the supplied map. |
|
| Method Summary | |
|---|---|
Collection<ConfigAttribute> |
getAllConfigAttributes()
If available, returns all of the ConfigAttributes defined by the implementing class. |
Collection<ConfigAttribute> |
getAttributes(Object object)
Accesses the ConfigAttributes that apply to a given secure object. |
protected UrlMatcher |
getUrlMatcher()
|
boolean |
isConvertUrlToLowercaseBeforeComparison()
|
Collection<ConfigAttribute> |
lookupAttributes(String url,
String method)
Performs the actual lookup of the relevant ConfigAttributes for the given FilterInvocation. |
void |
setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)
|
boolean |
supports(Class<?> clazz)
Indicates whether the SecurityMetadataSource implementation is able to provide
ConfigAttributes for the indicated secure object type. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
protected final org.apache.commons.logging.Log logger
| Constructor Detail |
|---|
public DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
LinkedHashMap<RequestKey,Collection<ConfigAttribute>> requestMap)
RequestKey,
which contains a URL path and an optional HTTP method (may be null). The path stored in the key will depend on
the type of the supplied UrlMatcher.
urlMatcher - typically an ant or regular expression matcher.requestMap - order-preserving map of request definitions to attribute lists| Method Detail |
|---|
public Collection<ConfigAttribute> getAllConfigAttributes()
SecurityMetadataSourceConfigAttributes defined by the implementing class.
This is used by the AbstractSecurityInterceptor to perform startup time validation of each
ConfigAttribute configured against it.
getAllConfigAttributes in interface SecurityMetadataSourceConfigAttributes or null if unsupportedpublic Collection<ConfigAttribute> getAttributes(Object object)
SecurityMetadataSourceConfigAttributes that apply to a given secure object.
Returns null if no attributes apply.
getAttributes in interface SecurityMetadataSourceobject - the object being secured
public final Collection<ConfigAttribute> lookupAttributes(String url,
String method)
FilterInvocation.
By default, iterates through the stored URL map and calls the
UrlMatcher.pathMatchesUrl(Object path, String url) method until a match is found.
url - the URI to retrieve configuration attributes formethod - the HTTP method (GET, POST, DELETE...), or null for any method.
ConfigAttributes that apply to the specified FilterInvocation
or null if no match is foundpublic boolean supports(Class<?> clazz)
SecurityMetadataSourceSecurityMetadataSource implementation is able to provide
ConfigAttributes for the indicated secure object type.
supports in interface SecurityMetadataSourceclazz - the class that is being queried
protected UrlMatcher getUrlMatcher()
public boolean isConvertUrlToLowercaseBeforeComparison()
public void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls)
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||