List of usage examples for org.springframework.security.config.http MatcherType mvc
MatcherType mvc
To view the source code for org.springframework.security.config.http MatcherType mvc.
Click Source Link
From source file:org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser.java
private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap( MatcherType matcherType, List<Element> urlElts, boolean useExpressions, boolean addAuthenticatedAll, ParserContext parserContext) {//w w w . j ava 2 s . c o m ManagedMap<BeanMetadataElement, BeanDefinition> filterInvocationDefinitionMap = new ManagedMap<>(); for (Element urlElt : urlElts) { String access = urlElt.getAttribute(ATT_ACCESS); if (!StringUtils.hasText(access)) { continue; } String path = urlElt.getAttribute(ATT_PATTERN); String matcherRef = urlElt.getAttribute(ATT_REQUEST_MATCHER_REF); boolean hasMatcherRef = StringUtils.hasText(matcherRef); if (!hasMatcherRef && !StringUtils.hasText(path)) { parserContext.getReaderContext().error("path attribute cannot be empty or null", urlElt); } String method = urlElt.getAttribute(ATT_HTTP_METHOD); if (!StringUtils.hasText(method)) { method = null; } String servletPath = urlElt.getAttribute(ATT_SERVLET_PATH); if (!StringUtils.hasText(servletPath)) { servletPath = null; } else if (!MatcherType.mvc.equals(matcherType)) { parserContext.getReaderContext().error( ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", urlElt); } BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef) : matcherType.createMatcher(parserContext, path, method, servletPath); BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class); if (useExpressions) { logger.info("Creating access control expression attribute '" + access + "' for " + path); // The single expression will be parsed later by the // ExpressionBasedFilterInvocationSecurityMetadataSource attributeBuilder.addConstructorArgValue(new String[] { access }); attributeBuilder.setFactoryMethod("createList"); } else { attributeBuilder.addConstructorArgValue(access); attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString"); } if (filterInvocationDefinitionMap.containsKey(matcher)) { logger.warn( "Duplicate URL defined: " + path + ". The original attribute values will be overwritten"); } filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition()); } if (addAuthenticatedAll && filterInvocationDefinitionMap.isEmpty()) { BeanDefinition matcher = matcherType.createMatcher(parserContext, "/**", null); BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class); attributeBuilder.addConstructorArgValue(new String[] { "authenticated" }); attributeBuilder.setFactoryMethod("createList"); filterInvocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition()); } return filterInvocationDefinitionMap; }