Package org.springframework.web.servlet.handler

Class HandlerMappingIntrospector

java.lang.Object

org.springframework.web.servlet.handler.HandlerMappingIntrospector

All Implemented Interfaces:

Aware, InitializingBean, ApplicationContextAware, CorsConfigurationSource, PreFlightRequestHandler

public class HandlerMappingIntrospector
extends Object
implements CorsConfigurationSource, PreFlightRequestHandler, ApplicationContextAware, InitializingBean

Helper class to get information from the HandlerMapping that would serve a specific request.

Provides the following methods:

• getMatchableHandlerMapping(jakarta.servlet.http.HttpServletRequest) — obtain a HandlerMapping to check request-matching criteria against.
• getCorsConfiguration(jakarta.servlet.http.HttpServletRequest) — obtain the CORS configuration for the request.

Note that this is primarily an SPI to allow Spring Security to align its pattern matching with the same pattern matching that would be used in Spring MVC for a given request, in order to avoid security issues.

Use of this component incurs the performance overhead of mapping the request, and should not be repeated multiple times per request. createCacheFilter() exposes a Filter to cache the results. Applications that rely on Spring Security don't need to deploy this Filter since Spring Security doe that. However, other custom security layers, used in place of Spring Security that use this component should deploy the cache Filter with requirements described in the Javadoc for the method.

Since:

4.3.1

Author:

Rossen Stoyanchev

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	HandlerMappingIntrospector.CachedResult	Container for a MatchableHandlerMapping and CorsConfiguration for a given request matched by dispatcher type and requestURI.

Constructor Summary

Constructors

Constructor	Description
HandlerMappingIntrospector()

Method Summary

Modifier and Type	Method	Description
void	afterPropertiesSet()	Invoked by the containing BeanFactory after it has set all bean properties and satisfied BeanFactoryAware, ApplicationContextAware etc.
boolean	allHandlerMappingsUsePathPatternParser()	Return true if all HandlerMapping beans use parsed PathPatterns, and false if any don't.
Filter	createCacheFilter()	Filter that looks up the MatchableHandlerMapping and CorsConfiguration for the request proactively before delegating to the rest of the chain, caching the result in a request attribute, and restoring it after the chain returns.
CorsConfiguration	getCorsConfiguration(HttpServletRequest request)	Return a CorsConfiguration based on the incoming request.
List<HandlerMapping>	getHandlerMappings()	Return the configured or detected HandlerMappings.
MatchableHandlerMapping	getMatchableHandlerMapping(HttpServletRequest request)	Find the HandlerMapping that would handle the given request and return a MatchableHandlerMapping to use for path matching.
int	getPatternCacheLimit()	Return the configured limit on security patterns to cache.
void	handlePreFlight(HttpServletRequest request, HttpServletResponse response)	Find the matching HandlerMapping for the request, and invoke the handler it returns as a PreFlightRequestHandler.
void	resetCache(ServletRequest request, HandlerMappingIntrospector.CachedResult cachedResult)	Restore a previous HandlerMappingIntrospector.CachedResult.
void	setApplicationContext(ApplicationContext applicationContext)	Set the ApplicationContext that this object runs in.
HandlerMappingIntrospector.CachedResult	setCache(HttpServletRequest request)	Perform a lookup and save the HandlerMappingIntrospector.CachedResult as a request attribute.
void	setPatternCacheLimit(int patternCacheLimit)	Set a limit on the maximum number of security patterns passed into MatchableHandlerMapping.match(jakarta.servlet.http.HttpServletRequest, java.lang.String) at runtime to cache.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

HandlerMappingIntrospector

public HandlerMappingIntrospector()

Method Details

setPatternCacheLimit

public void setPatternCacheLimit(int patternCacheLimit)

Set a limit on the maximum number of security patterns passed into MatchableHandlerMapping.match(jakarta.servlet.http.HttpServletRequest, java.lang.String) at runtime to cache.

By default, this is set to 2048.

Parameters:

patternCacheLimit - the limit to use

Since:

6.2.8

getPatternCacheLimit

public int getPatternCacheLimit()

Return the configured limit on security patterns to cache.

Since:

6.2.8

setApplicationContext

public void setApplicationContext(ApplicationContext applicationContext)

Description copied from interface: ApplicationContextAware

Set the ApplicationContext that this object runs in. Normally this call will be used to initialize the object.

Invoked after population of normal bean properties but before an init callback such as InitializingBean.afterPropertiesSet() or a custom init-method. Invoked after ResourceLoaderAware.setResourceLoader(org.springframework.core.io.ResourceLoader), ApplicationEventPublisherAware.setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) and MessageSourceAware, if applicable.

Specified by:

setApplicationContext in interface ApplicationContextAware

Parameters:

applicationContext - the ApplicationContext object to be used by this object

See Also:

• BeanInitializationException

afterPropertiesSet

public void afterPropertiesSet()

Description copied from interface: InitializingBean

Invoked by the containing BeanFactory after it has set all bean properties and satisfied BeanFactoryAware, ApplicationContextAware etc.

This method allows the bean instance to perform validation of its overall configuration and final initialization when all bean properties have been set.

Specified by:

afterPropertiesSet in interface InitializingBean

getHandlerMappings

public List<HandlerMapping> getHandlerMappings()

Return the configured or detected HandlerMappings.

allHandlerMappingsUsePathPatternParser

public boolean allHandlerMappingsUsePathPatternParser()

Return true if all HandlerMapping beans use parsed PathPatterns, and false if any don't.

Since:

6.2

handlePreFlight

public void handlePreFlight(HttpServletRequest request,
 HttpServletResponse response)
                     throws Exception

Find the matching HandlerMapping for the request, and invoke the handler it returns as a PreFlightRequestHandler.

Specified by:

handlePreFlight in interface PreFlightRequestHandler

Parameters:

request - current HTTP request

response - current HTTP response

Throws:

NoHandlerFoundException - if no handler matches the request

Exception

Since:

6.2

createCacheFilter

public Filter createCacheFilter()

Filter that looks up the MatchableHandlerMapping and CorsConfiguration for the request proactively before delegating to the rest of the chain, caching the result in a request attribute, and restoring it after the chain returns.

Note: Applications that rely on Spring Security do not use this component directly and should not deploy the filter instead allowing Spring Security to do it. Other custom security layers used in place of Spring Security that also rely on HandlerMappingIntrospector should deploy this filter ahead of other filters where lookups are performed, and should also make sure the filter is configured to handle all dispatcher types.

Returns:

the Filter instance to use

Since:

6.0.14

setCache

@Nullable
public HandlerMappingIntrospector.CachedResult setCache(HttpServletRequest request)

Perform a lookup and save the HandlerMappingIntrospector.CachedResult as a request attribute. This method can be invoked from a filter before subsequent calls to getMatchableHandlerMapping(HttpServletRequest) and getCorsConfiguration(HttpServletRequest) to avoid repeated lookups.

Parameters:

request - the current request

Returns:

the previous HandlerMappingIntrospector.CachedResult, if there is one from a parent dispatch

Since:

6.0.14

resetCache

public void resetCache(ServletRequest request,
 @Nullable
 HandlerMappingIntrospector.CachedResult cachedResult)

Restore a previous HandlerMappingIntrospector.CachedResult. This method can be invoked from a filter after delegating to the rest of the chain.

Since:

6.0.14

getMatchableHandlerMapping

@Nullable
public MatchableHandlerMapping getMatchableHandlerMapping(HttpServletRequest request)
                                                   throws Exception

Find the HandlerMapping that would handle the given request and return a MatchableHandlerMapping to use for path matching.

Parameters:

request - the current request

Returns:

the resolved MatchableHandlerMapping, or null

Throws:

IllegalStateException - if the matching HandlerMapping is not an instance of MatchableHandlerMapping

Exception - if any of the HandlerMapping's raise an exception

getCorsConfiguration

@Nullable
public CorsConfiguration getCorsConfiguration(HttpServletRequest request)

Description copied from interface: CorsConfigurationSource

Return a CorsConfiguration based on the incoming request.

Specified by:

getCorsConfiguration in interface CorsConfigurationSource

Returns:

the associated CorsConfiguration, or null if none