org.springframework.boot.autoconfigure.security.servlet.StaticResourceRequest Maven / Gradle / Ivy
/*
* Copyright 2012-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.autoconfigure.security.servlet;
import java.util.EnumSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
* Used to create a {@link RequestMatcher} for static resources in commonly used
* locations. Returned by {@link PathRequest#toStaticResources()}.
*
* @author Madhura Bhave
* @author Phillip Webb
* @since 2.0.0
* @see PathRequest
*/
public final class StaticResourceRequest {
static final StaticResourceRequest INSTANCE = new StaticResourceRequest();
private StaticResourceRequest() {
}
/**
* Returns a matcher that includes all commonly used {@link StaticResourceLocation
* Locations}. The
* {@link StaticResourceRequestMatcher#excluding(StaticResourceLocation, StaticResourceLocation...)
* excluding} method can be used to remove specific locations if required. For
* example:
* StaticResourceRequest.atCommonLocations().excluding(StaticResourceLocation.CSS)
*
* @return the configured {@link RequestMatcher}
*/
public StaticResourceRequestMatcher atCommonLocations() {
return at(EnumSet.allOf(StaticResourceLocation.class));
}
/**
* Returns a matcher that includes the specified {@link StaticResourceLocation
* Locations}. For example:
* StaticResourceRequest.at(StaticResourceLocation.CSS, StaticResourceLocation.JAVA_SCRIPT)
*
* @param first the first location to include
* @param rest additional locations to include
* @return the configured {@link RequestMatcher}
*/
public StaticResourceRequestMatcher at(StaticResourceLocation first,
StaticResourceLocation... rest) {
return at(EnumSet.of(first, rest));
}
/**
* Returns a matcher that includes the specified {@link StaticResourceLocation
* Locations}. For example:
* StaticResourceRequest.at(locations)
*
* @param locations the locations to include
* @return the configured {@link RequestMatcher}
*/
public StaticResourceRequestMatcher at(Set locations) {
Assert.notNull(locations, "Locations must not be null");
return new StaticResourceRequestMatcher(new LinkedHashSet<>(locations));
}
/**
* The request matcher used to match against resource {@link StaticResourceLocation
* Locations}.
*/
public static final class StaticResourceRequestMatcher
extends ApplicationContextRequestMatcher {
private final Set locations;
private volatile RequestMatcher delegate;
private StaticResourceRequestMatcher(Set locations) {
super(ServerProperties.class);
this.locations = locations;
}
/**
* Return a new {@link StaticResourceRequestMatcher} based on this one but
* excluding the specified locations.
* @param first the first location to exclude
* @param rest additional locations to exclude
* @return a new {@link StaticResourceRequestMatcher}
*/
public StaticResourceRequestMatcher excluding(StaticResourceLocation first,
StaticResourceLocation... rest) {
return excluding(EnumSet.of(first, rest));
}
/**
* Return a new {@link StaticResourceRequestMatcher} based on this one but
* excluding the specified locations.
* @param locations the locations to exclude
* @return a new {@link StaticResourceRequestMatcher}
*/
public StaticResourceRequestMatcher excluding(
Set locations) {
Assert.notNull(locations, "Locations must not be null");
Set subset = new LinkedHashSet<>(this.locations);
subset.removeAll(locations);
return new StaticResourceRequestMatcher(subset);
}
@Override
protected void initialized(Supplier serverProperties) {
this.delegate = new OrRequestMatcher(
getDelegateMatchers(serverProperties.get()));
}
private List getDelegateMatchers(
ServerProperties serverProperties) {
return getPatterns(serverProperties).map(AntPathRequestMatcher::new)
.collect(Collectors.toList());
}
private Stream getPatterns(ServerProperties serverProperties) {
return this.locations.stream().flatMap(StaticResourceLocation::getPatterns)
.map(serverProperties.getServlet()::getPath);
}
@Override
protected boolean matches(HttpServletRequest request,
Supplier context) {
return this.delegate.matches(request);
}
}
}