Class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>
com.vaadin.flow.spring.security.stateless.VaadinStatelessSecurityConfigurer<H>
- Type Parameters:
H
- the concreteHttpSecurityBuilder
subclass
- All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
H>
public final class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>
Enables authentication that relies on JWT instead of sessions.
Shared Objects Created
The following shared objects are populated:SecurityContextRepository
is populated with aJwtSecurityContextRepository
CsrfConfigurer.csrfTokenRepository(CsrfTokenRepository)
is used to setLazyCsrfTokenRepository
that delegates toCookieCsrfTokenRepository
Shared Objects Used
The following shared objects are used:VaadinDefaultRequestCache
- if present, this usesVaadinDefaultRequestCache.setDelegateRequestCache(RequestCache)
to delegate saving requests toCookieRequestCache
VaadinSavedRequestAwareAuthenticationSuccessHandler
- if present, this usesVaadinSavedRequestAwareAuthenticationSuccessHandler.setCsrfTokenRepository(CsrfTokenRepository)
to allow the success handler to set the new csrf cookie
-
Nested Class Summary
Modifier and TypeClassDescriptionclass
Enables configuring the secret key and the algorithm for the JWT signing and verification when usingVaadinStatelessSecurityConfigurer
. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
expiresIn
(long expiresIn) Sets the lifetime of the JWT.void
Sets the issuer claim to use when issuing and verifying the JWT.void
setSharedObjects
(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Specifies using a secret key for signing and verification.withSecretKey
(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer) Specifies using a secret key for signing and verification.Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
VaadinStatelessSecurityConfigurer
public VaadinStatelessSecurityConfigurer()
-
-
Method Details
-
init
- Specified by:
init
in interfaceorg.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> - Overrides:
init
in classorg.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,
H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
-
configure
- Specified by:
configure
in interfaceorg.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> - Overrides:
configure
in classorg.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,
H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
-
expiresIn
Sets the lifetime of the JWT. The default is 1800 seconds.- Parameters:
expiresIn
- the lifetime in seconds- Returns:
- the
VaadinStatelessSecurityConfigurer
for further customization
-
issuer
Sets the issuer claim to use when issuing and verifying the JWT.- Parameters:
issuer
- string identifier or URL of the issuer- Returns:
- the
VaadinStatelessSecurityConfigurer
for further customization
-
withSecretKey
Specifies using a secret key for signing and verification.- Returns:
- the
VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer
-
withSecretKey
public VaadinStatelessSecurityConfigurer<H> withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer) Specifies using a secret key for signing and verification.- Parameters:
customizer
- theCustomizer
to provide configuration for theVaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer
- Returns:
- the
VaadinStatelessSecurityConfigurer
for further customization