diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java index 85b784d75f..1d07c49460 100644 --- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java +++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java @@ -23,7 +23,6 @@ import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.util.AnyRequestMatcher; import org.springframework.security.web.util.RequestMatcher; import org.springframework.security.web.util.UrlUtils; -import org.springframework.util.Assert; import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.filter.GenericFilterBean; @@ -49,21 +48,21 @@ import java.util.*; * *
- * As of version 3.1, {@code FilterChainProxy} is configured using an ordered Map of {@link RequestMatcher} instances - * to {@code List}s of {@code Filter}s. The Map instance will normally be created while parsing the namespace - * configuration, so doesn't have to be set explicitly. Instead the {@code <filter-chain-map>} - * element should be used within the bean declaration. - * This in turn should have a list of child {@code <filter-chain>} elements which each define a URI pattern and - * the list of filters (as comma-separated bean names) which should be applied to requests which match the pattern. - * The default pattern matching strategy is to use {@link org.springframework.security.web.util.AntPathRequestMatcher - * Ant-style paths}. An example configuration might look like this: + * As of version 3.1, {@code FilterChainProxy} is configured using a list of {@link SecurityFilterChain} instances, + * each of which contains a {@link RequestMatcher} and a list of filters which should be applied to matching requests. + * Most applications will only contain a single filter chain, and if you are using the namespace, you don't have to + * set the chains explicitly. If you require finer-grained control, you can make use of the {@code <filter-chain>} + * namespace element. This defines a URI pattern and the list of filters (as comma-separated bean names) which should be + * applied to requests which match the pattern. An example configuration might look like this: * *
- <bean id="myfilterChainProxy" class="org.springframework.security.util.FilterChjainProxy"> - <security:filter-chain-map request-matcher="ant"> - <security:filter-chain pattern="/do/not/filter*" filters="none"/> - <security:filter-chain pattern="/**" filters="filter1,filter2,filter3"/> - </security:filter-chain-map> + <bean id="myfilterChainProxy" class="org.springframework.security.util.FilterChainProxy"> + <constructor-arg> + <util:list> + <security:filter-chain pattern="/do/not/filter*" filters="none"/> + <security:filter-chain pattern="/**" filters="filter1,filter2,filter3"/> + </util:list> + </constructor-arg> </bean> ** @@ -126,7 +125,7 @@ public class FilterChainProxy extends GenericFilterBean { //~ Instance fields ================================================================================================ - private Map
+ * Used to configure a {@code FilterChainProxy}.
+ *
+ * @author Luke Taylor
+ *
+ * @since 3.1
+ */
+public final class SecurityFilterChain {
+ private final RequestMatcher requestMatcher;
+ private final List