Package org.springframework.security.config.annotation.web.builders

Class HttpSecurity.RequestMatcherConfigurer

java.lang.Object

org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry<HttpSecurity.RequestMatcherConfigurer>

org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

Enclosing class:

HttpSecurity

public class HttpSecurity.RequestMatcherConfigurer
extends AbstractRequestMatcherRegistry<HttpSecurity.RequestMatcherConfigurer>

Allows mapping HTTP requests that this HttpSecurity will be used for

Since:

3.2

Field Summary

Fields

Modifier and Type	Field	Description
protected List<org.springframework.security.web.util.matcher.RequestMatcher>	matchers

Method Summary

Modifier and Type	Method	Description
HttpSecurity	and()	Deprecated, for removal: This API element is subject to removal in a future version. Use the lambda based configuration instead.
protected HttpSecurity.RequestMatcherConfigurer	chainRequestMatchers(List<org.springframework.security.web.util.matcher.RequestMatcher> requestMatchers)	Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

Methods inherited from class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

anyRequest, createMvcMatchers, dispatcherTypeMatchers, dispatcherTypeMatchers, getApplicationContext, requestMatchers, requestMatchers, requestMatchers, requestMatchers, setApplicationContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

matchers

protected List<org.springframework.security.web.util.matcher.RequestMatcher> matchers

Method Details

chainRequestMatchers

protected HttpSecurity.RequestMatcherConfigurer chainRequestMatchers(List<org.springframework.security.web.util.matcher.RequestMatcher> requestMatchers)

Description copied from class: AbstractRequestMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

Specified by:

chainRequestMatchers in class AbstractRequestMatcherRegistry<HttpSecurity.RequestMatcherConfigurer>

Parameters:

requestMatchers - the RequestMatcher instances that were created

Returns:

the chained Object for the subclass which allows association of something else to the RequestMatcher

and

@Deprecated(since="6.1",
            forRemoval=true)
public HttpSecurity and()

Deprecated, for removal: This API element is subject to removal in a future version.

Use the lambda based configuration instead. For example:

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
             .securityMatchers((matchers) -> matchers
                 .requestMatchers("/api/**")
             )
             .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().hasRole("USER")
             )
             .httpBasic(Customizer.withDefaults());
         return http.build();
     }

 }
 

Return the HttpSecurity for further customizations

Returns:

the HttpSecurity for further customizations