Class AuthorizeHttpRequestsConfigurer.AuthorizedUrl
java.lang.Object
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
- Enclosing class:
- AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>
An object that allows configuring the
AuthorizationManager
for
RequestMatcher
s.-
Method Summary
Modifier and TypeMethodDescriptionaccess
(org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext> manager) Allows specifying a customAuthorizationManager
.Specify that URLs are allowed by anonymous users.Specify that URLs are allowed by any authenticated user.denyAll()
Specify that URLs are not allowed by anyone.Specify that URLs are allowed by users who have authenticated and were not "remembered".protected List<? extends org.springframework.security.web.util.matcher.RequestMatcher>
hasAnyAuthority
(String... authorities) Specifies that a user requires one of many authorities.hasAnyRole
(String... roles) Specifies that a user requires one of many roles.hasAuthority
(String authority) Specifies a user requires an authority.Specifies a user requires a role.Specify that URLs are allowed by anyone.Specify that URLs are allowed by users that have been remembered.
-
Method Details
-
getMatchers
protected List<? extends org.springframework.security.web.util.matcher.RequestMatcher> getMatchers() -
permitAll
Specify that URLs are allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
denyAll
Specify that URLs are not allowed by anyone.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasRole(String role) Specifies a user requires a role.- Parameters:
role
- the role that should be required which is prepended with ROLE_ automatically (i.e. USER, ADMIN, etc). It should not start with ROLE_- Returns:
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyRole
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyRole(String... roles) Specifies that a user requires one of many roles.- Parameters:
roles
- the roles that the user should have at least one of (i.e. ADMIN, USER, etc). Each role should not start with ROLE_ since it is automatically prepended already- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAuthority(String authority) Specifies a user requires an authority.- Parameters:
authority
- the authority that should be required- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
hasAnyAuthority
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry hasAnyAuthority(String... authorities) Specifies that a user requires one of many authorities.- Parameters:
authorities
- the authorities that the user should have at least one of (i.e. ROLE_USER, ROLE_ADMIN, etc)- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
authenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry authenticated()Specify that URLs are allowed by any authenticated user.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-
fullyAuthenticated
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry fullyAuthenticated()Specify that URLs are allowed by users who have authenticated and were not "remembered".- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
- See Also:
-
rememberMe
Specify that URLs are allowed by users that have been remembered.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
- See Also:
-
anonymous
Specify that URLs are allowed by anonymous users.- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customization - Since:
- 5.8
-
access
public AuthorizeHttpRequestsConfigurer<H>.AuthorizationManagerRequestMatcherRegistry access(org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext> manager) Allows specifying a customAuthorizationManager
.- Parameters:
manager
- theAuthorizationManager
to use- Returns:
- the
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
for further customizations
-