Class AuthorizationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.security.web.access.intercept.AuthorizationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class AuthorizationFilter
extends org.springframework.web.filter.OncePerRequestFilter
An authorization filter that restricts access to the URL using
AuthorizationManager
.- Since:
- 5.5
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionAuthorizationFilter
(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager) Creates an instance. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
doFilterInternal
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) protected void
doFilterNestedErrorDispatch
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) AuthorizationManager<jakarta.servlet.http.HttpServletRequest>
Gets theAuthorizationManager
used by this filtervoid
setAuthorizationEventPublisher
(AuthorizationEventPublisher eventPublisher) Use thisAuthorizationEventPublisher
to publishAuthorizationDeniedEvent
s andAuthorizationGrantedEvent
s.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.void
setShouldFilterAllDispatcherTypes
(boolean shouldFilterAllDispatcherTypes) Sets whether to filter all dispatcher types.protected boolean
protected boolean
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
AuthorizationFilter
public AuthorizationFilter(AuthorizationManager<jakarta.servlet.http.HttpServletRequest> authorizationManager) Creates an instance.- Parameters:
authorizationManager
- theAuthorizationManager
to use
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Specified by:
doFilterInternal
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
doFilterNestedErrorDispatch
protected void doFilterNestedErrorDispatch(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException - Overrides:
doFilterNestedErrorDispatch
in classorg.springframework.web.filter.OncePerRequestFilter
- Throws:
jakarta.servlet.ServletException
IOException
-
shouldNotFilterAsyncDispatch
protected boolean shouldNotFilterAsyncDispatch()- Overrides:
shouldNotFilterAsyncDispatch
in classorg.springframework.web.filter.OncePerRequestFilter
-
shouldNotFilterErrorDispatch
protected boolean shouldNotFilterErrorDispatch()- Overrides:
shouldNotFilterErrorDispatch
in classorg.springframework.web.filter.OncePerRequestFilter
-
setAuthorizationEventPublisher
Use thisAuthorizationEventPublisher
to publishAuthorizationDeniedEvent
s andAuthorizationGrantedEvent
s.- Parameters:
eventPublisher
- theApplicationEventPublisher
to use- Since:
- 5.7
-
getAuthorizationManager
Gets theAuthorizationManager
used by this filter- Returns:
- the
AuthorizationManager
-
setShouldFilterAllDispatcherTypes
public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes) Sets whether to filter all dispatcher types.- Parameters:
shouldFilterAllDispatcherTypes
- should filter all dispatcher types. Default istrue
- Since:
- 5.7
-