Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.access.intercept.AuthorizationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class AuthorizationFilter extends org.springframework.web.filter.GenericFilterBean
An authorization filter that restricts access to the URL using AuthorizationManager.
Since:
5.5

  • Constructor Details

    • AuthorizationFilter

      public AuthorizationFilter(AuthorizationManager<javax.servlet.http.HttpServletRequest> authorizationManager)
      Creates an instance.
      Parameters:
      authorizationManager - the AuthorizationManager to use

  • Method Details

    • doFilter

      public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain) throws javax.servlet.ServletException, IOException
      Throws:
      javax.servlet.ServletException
      IOException

    • setAuthorizationEventPublisher

      public void setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)
      Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
      Parameters:
      eventPublisher - the ApplicationEventPublisher to use
      Since:
      5.7

    • getAuthorizationManager

      public AuthorizationManager<javax.servlet.http.HttpServletRequest> getAuthorizationManager()
      Gets the AuthorizationManager used by this filter
      Returns:
      the AuthorizationManager

    • setShouldFilterAllDispatcherTypes

      public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)
      Sets whether to filter all dispatcher types.
      Parameters:
      shouldFilterAllDispatcherTypes - should filter all dispatcher types. Default is false
      Since:
      5.7

    • isObserveOncePerRequest

      public boolean isObserveOncePerRequest()

    • setObserveOncePerRequest

      public void setObserveOncePerRequest(boolean observeOncePerRequest)
      Sets whether this filter apply only once per request. By default, this is true, meaning the filter will only execute once per request. Sometimes users may wish it to execute more than once per request, such as when JSP forwards are being used and filter security is desired on each included fragment of the HTTP request.
      Parameters:
      observeOncePerRequest - whether the filter should only be applied once per request

    • setFilterErrorDispatch

      public void setFilterErrorDispatch(boolean filterErrorDispatch)
      If set to true, the filter will be applied to error dispatcher. Defaults to false.
      Parameters:
      filterErrorDispatch - whether the filter should be applied to error dispatcher

    • setFilterAsyncDispatch

      public void setFilterAsyncDispatch(boolean filterAsyncDispatch)
      If set to true, the filter will be applied to the async dispatcher. Defaults to false.
      Parameters:
      filterAsyncDispatch - whether the filter should be applied to async dispatch