public class DefaultFilterInvocationSecurityMetadataSource extends java.lang.Object implements FilterInvocationSecurityMetadataSource
Stores an ordered map of RequestMatchers to ConfigAttribute
collections and provides matching of FilterInvocations against the items stored
in the map.
The order of the RequestMatchers in the map is very important. The first
one which matches the request will be used. Later matchers in the map will not be
invoked if a match has already been found. Accordingly, the most specific matchers
should be registered first, with the most general matches registered last.
The most common method creating an instance is using the Spring Security namespace. For
example, the pattern and access attributes of the
<intercept-url> elements defined as children of the <http>
element are combined to build the instance used by the
FilterSecurityInterceptor.
| Modifier and Type | Field and Description |
|---|---|
protected org.apache.commons.logging.Log |
logger |
| Constructor and Description |
|---|
DefaultFilterInvocationSecurityMetadataSource(java.util.LinkedHashMap<RequestMatcher,java.util.Collection<ConfigAttribute>> requestMap)
Sets the internal request map from the supplied map.
|
| Modifier and Type | Method and Description |
|---|---|
java.util.Collection<ConfigAttribute> |
getAllConfigAttributes()
If available, returns all of the
ConfigAttributes defined by the
implementing class. |
java.util.Collection<ConfigAttribute> |
getAttributes(java.lang.Object object)
Accesses the
ConfigAttributes that apply to a given secure object. |
boolean |
supports(java.lang.Class<?> clazz)
Indicates whether the
SecurityMetadataSource implementation is able to
provide ConfigAttributes for the indicated secure object type. |
public DefaultFilterInvocationSecurityMetadataSource(java.util.LinkedHashMap<RequestMatcher,java.util.Collection<ConfigAttribute>> requestMap)
RequestMatcher, which. The path stored in the key will depend on the
type of the supplied UrlMatcher.requestMap - order-preserving map of request definitions to attribute listspublic java.util.Collection<ConfigAttribute> getAllConfigAttributes()
SecurityMetadataSourceConfigAttributes defined by the
implementing class.
This is used by the AbstractSecurityInterceptor to perform startup time
validation of each ConfigAttribute configured against it.
getAllConfigAttributes in interface SecurityMetadataSourceConfigAttributes or null if unsupportedpublic java.util.Collection<ConfigAttribute> getAttributes(java.lang.Object object)
SecurityMetadataSourceConfigAttributes that apply to a given secure object.getAttributes in interface SecurityMetadataSourceobject - the object being securedpublic boolean supports(java.lang.Class<?> clazz)
SecurityMetadataSourceSecurityMetadataSource implementation is able to
provide ConfigAttributes for the indicated secure object type.supports in interface SecurityMetadataSourceclazz - the class that is being queried