Class ServerHttpSecurity.AuthorizeExchangeSpec.Access
- java.lang.Object
-
- org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
- Enclosing class:
- ServerHttpSecurity.AuthorizeExchangeSpec
public final class ServerHttpSecurity.AuthorizeExchangeSpec.Access extends java.lang.Object
Configures the access for a particular set of exchanges.
-
-
Constructor Summary
Constructors Constructor Description Access()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ServerHttpSecurity.AuthorizeExchangeSpec
access(org.springframework.security.authorization.ReactiveAuthorizationManager<org.springframework.security.web.server.authorization.AuthorizationContext> manager)
Allows plugging in a custom authorization strategyServerHttpSecurity.AuthorizeExchangeSpec
authenticated()
Require an authenticated userServerHttpSecurity.AuthorizeExchangeSpec
denyAll()
Deny access for everyoneServerHttpSecurity.AuthorizeExchangeSpec
hasAnyAuthority(java.lang.String... authorities)
Require any authorityServerHttpSecurity.AuthorizeExchangeSpec
hasAnyRole(java.lang.String... roles)
Require any specific role.ServerHttpSecurity.AuthorizeExchangeSpec
hasAuthority(java.lang.String authority)
Require a specific authority.ServerHttpSecurity.AuthorizeExchangeSpec
hasIpAddress(java.lang.String ipAddress)
Require a specific IP address or range using an IP/Netmask (e.g.ServerHttpSecurity.AuthorizeExchangeSpec
hasRole(java.lang.String role)
Require a specific role.ServerHttpSecurity.AuthorizeExchangeSpec
permitAll()
Allow access for anyone
-
-
-
Method Detail
-
permitAll
public ServerHttpSecurity.AuthorizeExchangeSpec permitAll()
Allow access for anyone- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
denyAll
public ServerHttpSecurity.AuthorizeExchangeSpec denyAll()
Deny access for everyone- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
hasRole
public ServerHttpSecurity.AuthorizeExchangeSpec hasRole(java.lang.String role)
Require a specific role. This is a shorcut forhasAuthority(String)
- Parameters:
role
- the role (i.e. "USER" would require "ROLE_USER")- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
hasAnyRole
public ServerHttpSecurity.AuthorizeExchangeSpec hasAnyRole(java.lang.String... roles)
Require any specific role. This is a shortcut forhasAnyAuthority(String...)
- Parameters:
roles
- the roles (i.e. "USER" would require "ROLE_USER")- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
hasAuthority
public ServerHttpSecurity.AuthorizeExchangeSpec hasAuthority(java.lang.String authority)
Require a specific authority.- Parameters:
authority
- the authority to require (i.e. "USER" would require authority of "USER").- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
hasAnyAuthority
public ServerHttpSecurity.AuthorizeExchangeSpec hasAnyAuthority(java.lang.String... authorities)
Require any authority- Parameters:
authorities
- the authorities to require (i.e. "USER" would require authority of "USER").- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
authenticated
public ServerHttpSecurity.AuthorizeExchangeSpec authenticated()
Require an authenticated user- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
hasIpAddress
public ServerHttpSecurity.AuthorizeExchangeSpec hasIpAddress(java.lang.String ipAddress)
Require a specific IP address or range using an IP/Netmask (e.g. 192.168.1.0/24).- Parameters:
ipAddress
- the address or range of addresses from which the request must come.- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure - Since:
- 5.7
-
access
public ServerHttpSecurity.AuthorizeExchangeSpec access(org.springframework.security.authorization.ReactiveAuthorizationManager<org.springframework.security.web.server.authorization.AuthorizationContext> manager)
Allows plugging in a custom authorization strategy- Parameters:
manager
- the authorization manager to use- Returns:
- the
ServerHttpSecurity.AuthorizeExchangeSpec
to configure
-
-