Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class AuthorizationFilter
extends org.springframework.web.filter.OncePerRequestFilter
    An authorization filter that restricts access to the URL using AuthorizationManager.
    Since:
    5.5

    • Field Summary

      • Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

        ALREADY_FILTERED_SUFFIX

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthorizationFilter​(org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
      Creates an instance.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void doFilterInternal​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)  
      protected void doFilterNestedErrorDispatch​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)  
      org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()
      Gets the AuthorizationManager used by this filter
      void setAuthorizationEventPublisher​(org.springframework.security.authorization.AuthorizationEventPublisher eventPublisher)
      Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
      void setShouldFilterAllDispatcherTypes​(boolean shouldFilterAllDispatcherTypes)
      Sets whether to filter all dispatcher types.
      protected boolean shouldNotFilterAsyncDispatch()  
      protected boolean shouldNotFilterErrorDispatch()  

      • Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

        doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AuthorizationFilter

        public AuthorizationFilter​(org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
        Creates an instance.
        Parameters:
        authorizationManager - the AuthorizationManager to use

    • Method Detail

      • doFilterInternal

        protected void doFilterInternal​(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                javax.servlet.FilterChain filterChain)
                         throws javax.servlet.ServletException,
                                java.io.IOException
        Specified by:
        doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
        Throws:
        javax.servlet.ServletException
        java.io.IOException

      • doFilterNestedErrorDispatch

        protected void doFilterNestedErrorDispatch​(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           javax.servlet.FilterChain filterChain)
                                    throws javax.servlet.ServletException,
                                           java.io.IOException
        Overrides:
        doFilterNestedErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter
        Throws:
        javax.servlet.ServletException
        java.io.IOException

      • shouldNotFilterAsyncDispatch

        protected boolean shouldNotFilterAsyncDispatch()
        Overrides:
        shouldNotFilterAsyncDispatch in class org.springframework.web.filter.OncePerRequestFilter

      • shouldNotFilterErrorDispatch

        protected boolean shouldNotFilterErrorDispatch()
        Overrides:
        shouldNotFilterErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter

      • setAuthorizationEventPublisher

        public void setAuthorizationEventPublisher​(org.springframework.security.authorization.AuthorizationEventPublisher eventPublisher)
        Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
        Parameters:
        eventPublisher - the ApplicationEventPublisher to use
        Since:
        5.7

      • getAuthorizationManager

        public org.springframework.security.authorization.AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()
        Gets the AuthorizationManager used by this filter
        Returns:
        the AuthorizationManager

      • setShouldFilterAllDispatcherTypes

        public void setShouldFilterAllDispatcherTypes​(boolean shouldFilterAllDispatcherTypes)
        Sets whether to filter all dispatcher types.
        Parameters:
        shouldFilterAllDispatcherTypes - should filter all dispatcher types. Default is false
        Since:
        5.7