Example usage for org.springframework.security.config.http MatcherType mvc

List of usage examples for org.springframework.security.config.http MatcherType mvc

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.http.*
  5. MatcherType
  6. mvc

Introduction

In this page you can find the example usage for org.springframework.security.config.http MatcherType mvc.

Prototype

MatcherType mvc

To view the source code for org.springframework.security.config.http MatcherType mvc.

Click Source Link

Usage

From source file:org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser.java

private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap(
        MatcherType matcherType, List<Element> urlElts, boolean useExpressions, boolean addAuthenticatedAll,
        ParserContext parserContext) {//w  w w  . j ava 2 s .  c  o  m

    ManagedMap<BeanMetadataElement, BeanDefinition> filterInvocationDefinitionMap = new ManagedMap<>();

    for (Element urlElt : urlElts) {
        String access = urlElt.getAttribute(ATT_ACCESS);
        if (!StringUtils.hasText(access)) {
            continue;
        }

        String path = urlElt.getAttribute(ATT_PATTERN);
        String matcherRef = urlElt.getAttribute(ATT_REQUEST_MATCHER_REF);
        boolean hasMatcherRef = StringUtils.hasText(matcherRef);

        if (!hasMatcherRef && !StringUtils.hasText(path)) {
            parserContext.getReaderContext().error("path attribute cannot be empty or null", urlElt);
        }

        String method = urlElt.getAttribute(ATT_HTTP_METHOD);
        if (!StringUtils.hasText(method)) {
            method = null;
        }

        String servletPath = urlElt.getAttribute(ATT_SERVLET_PATH);
        if (!StringUtils.hasText(servletPath)) {
            servletPath = null;
        } else if (!MatcherType.mvc.equals(matcherType)) {
            parserContext.getReaderContext().error(
                    ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'",
                    urlElt);
        }

        BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
                : matcherType.createMatcher(parserContext, path, method, servletPath);
        BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);

        if (useExpressions) {
            logger.info("Creating access control expression attribute '" + access + "' for " + path);
            // The single expression will be parsed later by the
            // ExpressionBasedFilterInvocationSecurityMetadataSource
            attributeBuilder.addConstructorArgValue(new String[] { access });
            attributeBuilder.setFactoryMethod("createList");

        } else {
            attributeBuilder.addConstructorArgValue(access);
            attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
        }

        if (filterInvocationDefinitionMap.containsKey(matcher)) {
            logger.warn(
                    "Duplicate URL defined: " + path + ". The original attribute values will be overwritten");
        }

        filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
    }

    if (addAuthenticatedAll && filterInvocationDefinitionMap.isEmpty()) {

        BeanDefinition matcher = matcherType.createMatcher(parserContext, "/**", null);
        BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
        attributeBuilder.addConstructorArgValue(new String[] { "authenticated" });
        attributeBuilder.setFactoryMethod("createList");
        filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
    }

    return filterInvocationDefinitionMap;
}