Package org.springframework.security.config.annotation.web.configurers

Class AuthorizeHttpRequestsConfigurer.AuthorizedUrl

java.lang.Object

org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Direct Known Subclasses:

AuthorizeHttpRequestsConfigurer.MvcMatchersAuthorizedUrl

Enclosing class:

AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>

public class AuthorizeHttpRequestsConfigurer.AuthorizedUrl
extends java.lang.Object

An object that allows configuring the AuthorizationManager for RequestMatchers.

Method Summary

Modifier and Type	Method	Description
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	access(org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext> manager)	Allows specifying a custom AuthorizationManager.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	anonymous()	Specify that URLs are allowed by anonymous users.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	authenticated()	Specify that URLs are allowed by any authenticated user.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	denyAll()	Specify that URLs are not allowed by anyone.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	fullyAuthenticated()	Specify that URLs are allowed by users who have authenticated and were not "remembered".
protected java.util.List<? extends org.springframework.security.web.util.matcher.RequestMatcher>	getMatchers()
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	hasAnyAuthority(java.lang.String... authorities)	Specifies that a user requires one of many authorities.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	hasAnyRole(java.lang.String... roles)	Specifies that a user requires one of many roles.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	hasAuthority(java.lang.String authority)	Specifies a user requires an authority.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	hasRole(java.lang.String role)	Specifies a user requires a role.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	permitAll()	Specify that URLs are allowed by anyone.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry	rememberMe()	Specify that URLs are allowed by users that have been remembered.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getMatchers

protected java.util.List<? extends org.springframework.security.web.util.matcher.RequestMatcher> getMatchers()

permitAll

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry permitAll()

Specify that URLs are allowed by anyone.

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

denyAll

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry denyAll()

Specify that URLs are not allowed by anyone.

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

hasRole

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry hasRole(java.lang.String role)

Specifies a user requires a role.

Parameters:

role - the role that should be required which is prepended with ROLE_ automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_

Returns:

AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

hasAnyRole

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry hasAnyRole(java.lang.String... roles)

Specifies that a user requires one of many roles.

Parameters:

roles - the roles that the user should have at least one of (i.e. ADMIN, USER, etc). Each role should not start with ROLE_ since it is automatically prepended already

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

hasAuthority

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry hasAuthority(java.lang.String authority)

Specifies a user requires an authority.

Parameters:

authority - the authority that should be required

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

hasAnyAuthority

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry hasAnyAuthority(java.lang.String... authorities)

Specifies that a user requires one of many authorities.

Parameters:

authorities - the authorities that the user should have at least one of (i.e. ROLE_USER, ROLE_ADMIN, etc)

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

authenticated

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authenticated()

Specify that URLs are allowed by any authenticated user.

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations

fullyAuthenticated

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry fullyAuthenticated()

Specify that URLs are allowed by users who have authenticated and were not "remembered".

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customization

Since:

5.8

See Also:

RememberMeConfigurer

rememberMe

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry rememberMe()

Specify that URLs are allowed by users that have been remembered.

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customization

Since:

5.8

See Also:

RememberMeConfigurer

anonymous

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry anonymous()

Specify that URLs are allowed by anonymous users.

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customization

Since:

5.8

access

public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry access(org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext> manager)

Allows specifying a custom AuthorizationManager.

Parameters:

manager - the AuthorizationManager to use

Returns:

the AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry for further customizations