Package org.springframework.security.web.access.intercept

Class AuthorizationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.access.intercept.AuthorizationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class AuthorizationFilter extends org.springframework.web.filter.OncePerRequestFilter
An authorization filter that restricts access to the URL using AuthorizationManager.
Since:
5.5

  • Constructor Details

    • AuthorizationFilter

      public AuthorizationFilter(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager)
      Creates an instance.
      Parameters:
      authorizationManager - the AuthorizationManager to use

  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException

    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8

    • doFilterNestedErrorDispatch

      protected void doFilterNestedErrorDispatch(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Overrides:
      doFilterNestedErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException

    • shouldNotFilterAsyncDispatch

      protected boolean shouldNotFilterAsyncDispatch()
      Overrides:
      shouldNotFilterAsyncDispatch in class org.springframework.web.filter.OncePerRequestFilter

    • shouldNotFilterErrorDispatch

      protected boolean shouldNotFilterErrorDispatch()
      Overrides:
      shouldNotFilterErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter

    • setAuthorizationEventPublisher

      public void setAuthorizationEventPublisher(AuthorizationEventPublisher eventPublisher)
      Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.
      Parameters:
      eventPublisher - the ApplicationEventPublisher to use
      Since:
      5.7

    • getAuthorizationManager

      public AuthorizationManager<jakarta.servlet.http.HttpServletRequest> getAuthorizationManager()
      Gets the AuthorizationManager used by this filter
      Returns:
      the AuthorizationManager

    • setShouldFilterAllDispatcherTypes

      public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes)
      Sets whether to filter all dispatcher types.
      Parameters:
      shouldFilterAllDispatcherTypes - should filter all dispatcher types. Default is true
      Since:
      5.7