Skip to content

Commit bf6e85e

Browse files
marcusdacoregiomarcusdacoregio
committed
Accept String varargs in securityMatcher
Issue gh-9159
1 parent ace8caa commit bf6e85e

File tree

1 file changed

+34
-15
lines changed
  • config/src/main/java/org/springframework/security/config/annotation/web/builders

1 file changed

+34
-15
lines changed

Diff for: config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

+34-15
Original file line numberDiff line numberDiff line change
@@ -3599,12 +3599,12 @@ public HttpSecurity requestMatcher(RequestMatcher requestMatcher) {
35993599
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
36003600
* {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
36013601
* only a single {@link RequestMatcher} is necessary consider using
3602-
* {@link #securityMatcher(String)}, or {@link #securityMatcher(RequestMatcher)}.
3602+
* {@link #securityMatcher(String...)}, or {@link #securityMatcher(RequestMatcher)}.
36033603
*
36043604
* <p>
36053605
* Invoking {@link #securityMatchers()} will not override previous invocations of
36063606
* {@link #securityMatchers()}}, {@link #securityMatchers(Customizer)}
3607-
* {@link #securityMatcher(String)} and {@link #securityMatcher(RequestMatcher)}
3607+
* {@link #securityMatcher(String...)} and {@link #securityMatcher(RequestMatcher)}
36083608
* </p>
36093609
*
36103610
* <h3>Example Configurations</h3>
@@ -3720,12 +3720,12 @@ public RequestMatcherConfigurer securityMatchers() {
37203720
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
37213721
* {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
37223722
* only a single {@link RequestMatcher} is necessary consider using
3723-
* {@link #securityMatcher(String)}, or {@link #securityMatcher(RequestMatcher)}.
3723+
* {@link #securityMatcher(String...)}, or {@link #securityMatcher(RequestMatcher)}.
37243724
*
37253725
* <p>
37263726
* Invoking {@link #securityMatchers(Customizer)} will not override previous
37273727
* invocations of {@link #securityMatchers()}}, {@link #securityMatchers(Customizer)}
3728-
* {@link #securityMatcher(String)} and {@link #securityMatcher(RequestMatcher)}
3728+
* {@link #securityMatcher(String...)} and {@link #securityMatcher(RequestMatcher)}
37293729
* </p>
37303730
*
37313731
* <h3>Example Configurations</h3>
@@ -3849,12 +3849,12 @@ public HttpSecurity securityMatchers(Customizer<RequestMatcherConfigurer> reques
38493849
* invocations of {@link #requestMatchers()}, {@link #mvcMatcher(String)},
38503850
* {@link #antMatcher(String)}, {@link #regexMatcher(String)},
38513851
* {@link #requestMatcher(RequestMatcher)}, {@link #securityMatchers(Customizer)},
3852-
* {@link #securityMatchers()} and {@link #securityMatcher(String)}
3852+
* {@link #securityMatchers()} and {@link #securityMatcher(String...)}
38533853
* </p>
38543854
* @param requestMatcher the {@link RequestMatcher} to use (i.e. new
38553855
* AntPathRequestMatcher("/admin/**","GET") )
38563856
* @return the {@link HttpSecurity} for further customizations
3857-
* @see #securityMatcher(String)
3857+
* @see #securityMatcher(String...)
38583858
*/
38593859
public HttpSecurity securityMatcher(RequestMatcher requestMatcher) {
38603860
this.requestMatcher = requestMatcher;
@@ -3869,30 +3869,49 @@ public HttpSecurity securityMatcher(RequestMatcher requestMatcher) {
38693869
* {@link #securityMatchers(Customizer)} or {@link #securityMatcher(RequestMatcher)}.
38703870
*
38713871
* <p>
3872-
* Invoking {@link #securityMatcher(String)} will override previous invocations of
3872+
* Invoking {@link #securityMatcher(String...)} will override previous invocations of
38733873
* {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
38743874
* {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
38753875
* {@link #requestMatcher(RequestMatcher)}.
38763876
* </p>
3877-
* @param pattern the pattern to match on (i.e. "/admin/**")
3877+
* @param patterns the pattern to match on (i.e. "/admin/**")
38783878
* @return the {@link HttpSecurity} for further customizations
38793879
* @see AntPathRequestMatcher
38803880
* @see MvcRequestMatcher
38813881
*/
3882-
public HttpSecurity securityMatcher(String pattern) {
3883-
if (!mvcPresent) {
3884-
this.requestMatcher = new AntPathRequestMatcher(pattern);
3882+
public HttpSecurity securityMatcher(String... patterns) {
3883+
if (mvcPresent) {
3884+
this.requestMatcher = new OrRequestMatcher(createMvcMatchers(patterns));
38853885
return this;
38863886
}
3887+
this.requestMatcher = new OrRequestMatcher(createAntMatchers(patterns));
3888+
return this;
3889+
}
3890+
3891+
private List<RequestMatcher> createAntMatchers(String... patterns) {
3892+
List<RequestMatcher> matchers = new ArrayList<>(patterns.length);
3893+
for (String pattern : patterns) {
3894+
matchers.add(new AntPathRequestMatcher(pattern));
3895+
}
3896+
return matchers;
3897+
}
3898+
3899+
private List<RequestMatcher> createMvcMatchers(String... mvcPatterns) {
3900+
ObjectPostProcessor<Object> opp = getContext().getBean(ObjectPostProcessor.class);
38873901
if (!getContext().containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
38883902
throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME
38893903
+ " of type " + HandlerMappingIntrospector.class.getName()
38903904
+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
38913905
}
38923906
HandlerMappingIntrospector introspector = getContext().getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
38933907
HandlerMappingIntrospector.class);
3894-
this.requestMatcher = new MvcRequestMatcher(introspector, pattern);
3895-
return this;
3908+
List<RequestMatcher> matchers = new ArrayList<>(mvcPatterns.length);
3909+
for (String mvcPattern : mvcPatterns) {
3910+
MvcRequestMatcher matcher = new MvcRequestMatcher(introspector, mvcPattern);
3911+
opp.postProcess(matcher);
3912+
matchers.add(matcher);
3913+
}
3914+
return matchers;
38963915
}
38973916

38983917
/**
@@ -3908,7 +3927,7 @@ public HttpSecurity securityMatcher(String pattern) {
39083927
* </p>
39093928
* @param antPattern the Ant Pattern to match on (i.e. "/admin/**")
39103929
* @return the {@link HttpSecurity} for further customizations
3911-
* @deprecated use {@link #securityMatcher(String)} instead
3930+
* @deprecated use {@link #securityMatcher(String...)} instead
39123931
* @see AntPathRequestMatcher
39133932
*/
39143933
@Deprecated
@@ -3929,7 +3948,7 @@ public HttpSecurity antMatcher(String antPattern) {
39293948
* </p>
39303949
* @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**")
39313950
* @return the {@link HttpSecurity} for further customizations
3932-
* @deprecated use {@link #securityMatcher(String)} instead
3951+
* @deprecated use {@link #securityMatcher(String...)} instead
39333952
* @see MvcRequestMatcher
39343953
*/
39353954
@Deprecated

0 commit comments

Comments
 (0)