Package org.springframework.security.config.annotation.web.configuration

Class WebSecurityConfiguration

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanClassLoaderAware, org.springframework.context.annotation.ImportAware
    @Configuration(proxyBeanMethods=false)
public class WebSecurityConfiguration
extends java.lang.Object
implements org.springframework.context.annotation.ImportAware, org.springframework.beans.factory.BeanClassLoaderAware
    Uses a WebSecurity to create the FilterChainProxy that performs the web based security for Spring Security. It then exports the necessary beans. Customizations can be made to WebSecurity by implementing WebSecurityConfigurer and exposing it as a Configuration or exposing a WebSecurityCustomizer bean. This configuration is imported when using EnableWebSecurity.
    Since:
    3.2
    See Also:
    EnableWebSecurity, WebSecurity

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      static org.springframework.beans.factory.config.BeanFactoryPostProcessor conversionServicePostProcessor()  
      static org.springframework.security.context.DelegatingApplicationListener delegatingApplicationListener()  
      org.springframework.security.web.access.WebInvocationPrivilegeEvaluator privilegeEvaluator()
      Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI
      void setBeanClassLoader​(java.lang.ClassLoader classLoader)  
      void setFilterChainProxySecurityConfigurer​(ObjectPostProcessor<java.lang.Object> objectPostProcessor, org.springframework.beans.factory.config.ConfigurableListableBeanFactory beanFactory)
      Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.
      void setImportMetadata​(org.springframework.core.type.AnnotationMetadata importMetadata)  
      javax.servlet.Filter springSecurityFilterChain()
      Creates the Spring Security Filter Chain
      org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation> webSecurityExpressionHandler()  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • WebSecurityConfiguration

        public WebSecurityConfiguration()

    • Method Detail

      • delegatingApplicationListener

        @Bean
public static org.springframework.security.context.DelegatingApplicationListener delegatingApplicationListener()

      • webSecurityExpressionHandler

        @Bean
@DependsOn("springSecurityFilterChain")
public org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation> webSecurityExpressionHandler()

      • springSecurityFilterChain

        @Bean(name="springSecurityFilterChain")
public javax.servlet.Filter springSecurityFilterChain()
                                               throws java.lang.Exception
        Creates the Spring Security Filter Chain
        Returns:
        the Filter that represents the security filter chain
        Throws:
        java.lang.Exception

      • privilegeEvaluator

        @Bean
@DependsOn("springSecurityFilterChain")
public org.springframework.security.web.access.WebInvocationPrivilegeEvaluator privilegeEvaluator()
        Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI
        Returns:
        the WebInvocationPrivilegeEvaluator

      • setFilterChainProxySecurityConfigurer

        @Autowired(required=false)
public void setFilterChainProxySecurityConfigurer​(ObjectPostProcessor<java.lang.Object> objectPostProcessor,
                                                  org.springframework.beans.factory.config.ConfigurableListableBeanFactory beanFactory)
                                           throws java.lang.Exception
        Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.
        Parameters:
        objectPostProcessor - the ObjectPostProcessor used to create a WebSecurity instance
        beanFactory - the bean factory to use to retrieve the relevant <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration
        Throws:
        java.lang.Exception

      • conversionServicePostProcessor

        @Bean
public static org.springframework.beans.factory.config.BeanFactoryPostProcessor conversionServicePostProcessor()

      • setImportMetadata

        public void setImportMetadata​(org.springframework.core.type.AnnotationMetadata importMetadata)
        Specified by:
        setImportMetadata in interface org.springframework.context.annotation.ImportAware

      • setBeanClassLoader

        public void setBeanClassLoader​(java.lang.ClassLoader classLoader)
        Specified by:
        setBeanClassLoader in interface org.springframework.beans.factory.BeanClassLoaderAware