Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class AuthorizationFilter
extends org.springframework.web.filter.GenericFilterBean
    An authorization filter that restricts access to the URL using AuthorizationManager.
    Since:
    5.5

    • Field Summary

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthorizationFilter​(org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
      Creates an instance.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void doFilter​(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)  
      org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()
      Gets the AuthorizationManager used by this filter
      boolean isObserveOncePerRequest()  
      void setAuthorizationEventPublisher​(org.springframework.security.authorization.AuthorizationEventPublisher eventPublisher)
      Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
      void setFilterAsyncDispatch​(boolean filterAsyncDispatch)
      If set to true, the filter will be applied to the async dispatcher.
      void setFilterErrorDispatch​(boolean filterErrorDispatch)
      If set to true, the filter will be applied to error dispatcher.
      void setObserveOncePerRequest​(boolean observeOncePerRequest)
      Sets whether this filter apply only once per request.
      void setShouldFilterAllDispatcherTypes​(boolean shouldFilterAllDispatcherTypes)
      Sets whether to filter all dispatcher types.

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AuthorizationFilter

        public AuthorizationFilter​(org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
        Creates an instance.
        Parameters:
        authorizationManager - the AuthorizationManager to use

    • Method Detail

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain chain)
              throws javax.servlet.ServletException,
                     java.io.IOException
        Throws:
        javax.servlet.ServletException
        java.io.IOException

      • setAuthorizationEventPublisher

        public void setAuthorizationEventPublisher​(org.springframework.security.authorization.AuthorizationEventPublisher eventPublisher)
        Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
        Parameters:
        eventPublisher - the ApplicationEventPublisher to use
        Since:
        5.7

      • getAuthorizationManager

        public org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()
        Gets the AuthorizationManager used by this filter
        Returns:
        the AuthorizationManager

      • setShouldFilterAllDispatcherTypes

        public void setShouldFilterAllDispatcherTypes​(boolean shouldFilterAllDispatcherTypes)
        Sets whether to filter all dispatcher types.
        Parameters:
        shouldFilterAllDispatcherTypes - should filter all dispatcher types. Default is false
        Since:
        5.7

      • isObserveOncePerRequest

        public boolean isObserveOncePerRequest()

      • setObserveOncePerRequest

        public void setObserveOncePerRequest​(boolean observeOncePerRequest)
        Sets whether this filter apply only once per request. By default, this is true, meaning the filter will only execute once per request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.
        Parameters:
        observeOncePerRequest - whether the filter should only be applied once per request

      • setFilterErrorDispatch

        public void setFilterErrorDispatch​(boolean filterErrorDispatch)
        If set to true, the filter will be applied to error dispatcher. Defaults to false.
        Parameters:
        filterErrorDispatch - whether the filter should be applied to error dispatcher

      • setFilterAsyncDispatch

        public void setFilterAsyncDispatch​(boolean filterAsyncDispatch)
        If set to true, the filter will be applied to the async dispatcher. Defaults to false.
        Parameters:
        filterAsyncDispatch - whether the filter should be applied to async dispatch