UrlAuthorizationConfigurer (spring-security-config 5.7.11 API)

java.lang.Object
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
- - org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<C,H>
  - - org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
    - - org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer<H>

Type Parameters:

H - the type of HttpSecurityBuilder that is being configured

All Implemented Interfaces:

SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>
```
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>,H>
```
Adds URL based authorization using DefaultFilterInvocationSecurityMetadataSource. At least one RequestMapping needs to be mapped to ConfigAttribute's for this SecurityContextConfigurer to have meaning.
Security Filters

Usage includes applying the UrlAuthorizationConfigurer and then modifying the StandardInterceptUrlRegistry. For example:
```
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http, ApplicationContext context) throws Exception {
        http.apply(new UrlAuthorizationConfigurer<HttpSecurity>(context)).getRegistry()
                        .requestMatchers("/users**", "/sessions/**").hasRole("USER")
                        .requestMatchers("/signup").hasRole("ANONYMOUS").anyRequest().hasRole("USER");
 }
 
```
The following Filters are populated
- FilterSecurityInterceptor
Shared Objects Created
The following shared objects are populated to allow other SecurityConfigurer's to customize:
- FilterSecurityInterceptor
Shared Objects Used
The following shared objects are used:
- AuthenticationManager
Since:

3.2

See Also:

ExpressionUrlAuthorizationConfigurer

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`class`	`UrlAuthorizationConfigurer.AuthorizedUrl`	Maps the specified `RequestMatcher` instances to `ConfigAttribute` instances.
`class`	`UrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl`	An `UrlAuthorizationConfigurer.AuthorizedUrl` that allows optionally configuring the `MvcRequestMatcher.setMethod(HttpMethod)`
`class`	`UrlAuthorizationConfigurer.StandardInterceptUrlRegistry`

Nested classes/interfaces inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R,T>,T>

Constructor Summary

Constructors
Constructor Description

UrlAuthorizationConfigurer(org.springframework.context.ApplicationContext context)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`UrlAuthorizationConfigurer.StandardInterceptUrlRegistry`	`getRegistry()`	The StandardInterceptUrlRegistry is what users will interact with after applying the `UrlAuthorizationConfigurer`.
`UrlAuthorizationConfigurer<H>`	`withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)`	Adds an `ObjectPostProcessor` for this class.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
configure

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - UrlAuthorizationConfigurer
```
public UrlAuthorizationConfigurer(org.springframework.context.ApplicationContext context)
```
- Method Detail
  - getRegistry
```
public UrlAuthorizationConfigurer.StandardInterceptUrlRegistry getRegistry()
```
    The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer.
    
    Returns:
    
    the ExpressionUrlAuthorizationConfigurer for further customizations
  - withObjectPostProcessor
```
public UrlAuthorizationConfigurer<H> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
```
    Adds an ObjectPostProcessor for this class.
    
    Overrides:
    
    withObjectPostProcessor in class AbstractHttpConfigurer<UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>,H extends HttpSecurityBuilder<H>>
    
    Parameters:
    
    objectPostProcessor -
    
    Returns:
    
    the UrlAuthorizationConfigurer for further customizations