Package org.springframework.web.servlet.handler

Class HandlerMappingIntrospector

java.lang.Object
org.springframework.web.servlet.handler.HandlerMappingIntrospector
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationContextAware, org.springframework.web.cors.CorsConfigurationSource, org.springframework.web.cors.PreFlightRequestHandler
public class HandlerMappingIntrospector extends Object implements org.springframework.web.cors.CorsConfigurationSource, org.springframework.web.cors.PreFlightRequestHandler, org.springframework.context.ApplicationContextAware, org.springframework.beans.factory.InitializingBean
Helper class to get information from the HandlerMapping that would serve a specific request.

Provides the following methods:

Note that this is primarily an SPI to allow Spring Security to align its pattern matching with the same pattern matching that would be used in Spring MVC for a given request, in order to avoid security issues.

Use of this component incurs the performance overhead of mapping the request, and should not be repeated multiple times per request. createCacheFilter() exposes a Filter to cache the results. Applications that rely on Spring Security don't need to deploy this Filter since Spring Security doe that. However, other custom security layers, used in place of Spring Security that use this component should deploy the cache Filter with requirements described in the Javadoc for the method.

Since:
4.3.1
Author:
Rossen Stoyanchev

  • Constructor Details

    • HandlerMappingIntrospector

      public HandlerMappingIntrospector()

  • Method Details

    • setPatternCacheLimit

      public void setPatternCacheLimit(int patternCacheLimit)
      Set a limit on the maximum number of security patterns passed into MatchableHandlerMapping.match(jakarta.servlet.http.HttpServletRequest, java.lang.String) at runtime to cache.

      By default, this is set to 2048.

      Parameters:
      patternCacheLimit - the limit to use
      Since:
      6.2.8

    • getPatternCacheLimit

      public int getPatternCacheLimit()
      Return the configured limit on security patterns to cache.
      Since:
      6.2.8

    • setApplicationContext

      public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
      Specified by:
      setApplicationContext in interface org.springframework.context.ApplicationContextAware

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

    • getHandlerMappings

      public List<HandlerMapping> getHandlerMappings()
      Return the configured or detected HandlerMappings.

    • allHandlerMappingsUsePathPatternParser

      public boolean allHandlerMappingsUsePathPatternParser()
      Return true if all HandlerMapping beans use parsed PathPatterns, and false if any don't.
      Since:
      6.2

    • handlePreFlight

      public void handlePreFlight(HttpServletRequest request, HttpServletResponse response) throws Exception
      Find the matching HandlerMapping for the request, and invoke the handler it returns as a PreFlightRequestHandler.
      Specified by:
      handlePreFlight in interface org.springframework.web.cors.PreFlightRequestHandler
      Throws:
      NoHandlerFoundException - if no handler matches the request
      Exception
      Since:
      6.2

    • createCacheFilter

      public Filter createCacheFilter()
      Filter that looks up the MatchableHandlerMapping and CorsConfiguration for the request proactively before delegating to the rest of the chain, caching the result in a request attribute, and restoring it after the chain returns.

      Note: Applications that rely on Spring Security do not use this component directly and should not deploy the filter instead allowing Spring Security to do it. Other custom security layers used in place of Spring Security that also rely on HandlerMappingIntrospector should deploy this filter ahead of other filters where lookups are performed, and should also make sure the filter is configured to handle all dispatcher types.

      Returns:
      the Filter instance to use
      Since:
      6.0.14

    • setCache

      @Nullable public HandlerMappingIntrospector.CachedResult setCache(HttpServletRequest request)
      Perform a lookup and save the HandlerMappingIntrospector.CachedResult as a request attribute. This method can be invoked from a filter before subsequent calls to getMatchableHandlerMapping(HttpServletRequest) and getCorsConfiguration(HttpServletRequest) to avoid repeated lookups.
      Parameters:
      request - the current request
      Returns:
      the previous HandlerMappingIntrospector.CachedResult, if there is one from a parent dispatch
      Since:
      6.0.14

    • resetCache

      public void resetCache(ServletRequest request, @Nullable HandlerMappingIntrospector.CachedResult cachedResult)
      Restore a previous HandlerMappingIntrospector.CachedResult. This method can be invoked from a filter after delegating to the rest of the chain.
      Since:
      6.0.14

    • getMatchableHandlerMapping

      @Nullable public MatchableHandlerMapping getMatchableHandlerMapping(HttpServletRequest request) throws Exception
      Find the HandlerMapping that would handle the given request and return a MatchableHandlerMapping to use for path matching.
      Parameters:
      request - the current request
      Returns:
      the resolved MatchableHandlerMapping, or null
      Throws:
      IllegalStateException - if the matching HandlerMapping is not an instance of MatchableHandlerMapping
      Exception - if any of the HandlerMapping's raise an exception

    • getCorsConfiguration

      @Nullable public org.springframework.web.cors.CorsConfiguration getCorsConfiguration(HttpServletRequest request)
      Specified by:
      getCorsConfiguration in interface org.springframework.web.cors.CorsConfigurationSource