Package org.springframework.security.config.annotation.web.builders

Class WebSecurity

    • Method Detail

      • ignoring

        public WebSecurity.IgnoredRequestConfigurer ignoring()

        Allows adding RequestMatcher instances that Spring Security should ignore. Web Security provided by Spring Security (including the SecurityContext) will not be available on HttpServletRequest that match. Typically the requests that are registered should be that of only static resources. For requests that are dynamic, consider mapping the request to allow all users instead.

        Example Usage: 
         webSecurityBuilder.ignoring()
 // ignore all URLs that start with /resources/ or /static/
                .antMatchers("/resources/**", "/static/**");
        Alternatively this will accomplish the same result: 
         webSecurityBuilder.ignoring()
 // ignore all URLs that start with /resources/ or /static/
                .antMatchers("/resources/**").antMatchers("/static/**");
        Multiple invocations of ignoring() are also additive, so the following is also equivalent to the previous two examples: 
         webSecurityBuilder.ignoring()
 // ignore all URLs that start with /resources/
                .antMatchers("/resources/**");
 webSecurityBuilder.ignoring()
 // ignore all URLs that start with /static/
                .antMatchers("/static/**");
 // now both URLs that start with /resources/ and /static/ will be ignored
        Returns:
        the WebSecurity.IgnoredRequestConfigurer to use for registering request that should be ignored

      • httpFirewall

        public WebSecurity httpFirewall​(org.springframework.security.web.firewall.HttpFirewall httpFirewall)
        Allows customizing the HttpFirewall. The default is StrictHttpFirewall.
        Parameters:
        httpFirewall - the custom HttpFirewall
        Returns:
        the WebSecurity for further customizations

      • debug

        public WebSecurity debug​(boolean debugEnabled)
        Controls debugging support for Spring Security.
        Parameters:
        debugEnabled - if true, enables debug support with Spring Security. Default is false.
        Returns:
        the WebSecurity for further customization.
        See Also:
        EnableWebSecurity.debug()

      • addSecurityFilterChainBuilder

        public WebSecurity addSecurityFilterChainBuilder​(SecurityBuilder<? extends org.springframework.security.web.SecurityFilterChain> securityFilterChainBuilder)

        Adds builders to create SecurityFilterChain instances.

        Typically this method is invoked automatically within the framework from WebSecurityConfigurerAdapter.init(WebSecurity)

        Parameters:
        securityFilterChainBuilder - the builder to use to create the SecurityFilterChain instances
        Returns:
        the WebSecurity for further customizations

      • privilegeEvaluator

        public WebSecurity privilegeEvaluator​(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator privilegeEvaluator)
        Set the WebInvocationPrivilegeEvaluator to be used. If this is not specified, then a DefaultWebInvocationPrivilegeEvaluator will be created when securityInterceptor(FilterSecurityInterceptor) is non null.
        Parameters:
        privilegeEvaluator - the WebInvocationPrivilegeEvaluator to use
        Returns:
        the WebSecurity for further customizations

      • expressionHandler

        public WebSecurity expressionHandler​(org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation> expressionHandler)
        Set the SecurityExpressionHandler to be used. If this is not specified, then a DefaultWebSecurityExpressionHandler will be used.
        Parameters:
        expressionHandler - the SecurityExpressionHandler to use
        Returns:
        the WebSecurity for further customizations

      • getExpressionHandler

        public org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation> getExpressionHandler()
        Gets the SecurityExpressionHandler to be used.
        Returns:
        the SecurityExpressionHandler for further customizations

      • getPrivilegeEvaluator

        public org.springframework.security.web.access.WebInvocationPrivilegeEvaluator getPrivilegeEvaluator()
        Gets the WebInvocationPrivilegeEvaluator to be used.
        Returns:
        the WebInvocationPrivilegeEvaluator for further customizations

      • postBuildAction

        public WebSecurity postBuildAction​(java.lang.Runnable postBuildAction)
        Executes the Runnable immediately after the build takes place
        Parameters:
        postBuildAction -
        Returns:
        the WebSecurity for further customizations

      • performBuild

        protected javax.servlet.Filter performBuild()
                                     throws java.lang.Exception
        Description copied from class: AbstractConfiguredSecurityBuilder
        Subclasses must implement this method to build the object that is being returned.
        Specified by:
        performBuild in class AbstractConfiguredSecurityBuilder<javax.servlet.Filter,​WebSecurity>
        Returns:
        the Object to be buit or null if the implementation allows it
        Throws:
        java.lang.Exception

      • setApplicationContext

        public void setApplicationContext​(org.springframework.context.ApplicationContext applicationContext)
                           throws org.springframework.beans.BeansException
        Specified by:
        setApplicationContext in interface org.springframework.context.ApplicationContextAware
        Throws:
        org.springframework.beans.BeansException

      • setServletContext

        public void setServletContext​(javax.servlet.ServletContext servletContext)
        Specified by:
        setServletContext in interface org.springframework.web.context.ServletContextAware