Package com.vaadin.flow.spring.security.stateless

Class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>

com.vaadin.flow.spring.security.stateless.VaadinStatelessSecurityConfigurer<H>

Type Parameters:

H - the concrete HttpSecurityBuilder subclass

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>

Enables authentication that relies on JWT instead of sessions.

Shared Objects Created

The following shared objects are populated:

• SecurityContextRepository is populated with a JwtSecurityContextRepository
• CsrfConfigurer.csrfTokenRepository(CsrfTokenRepository) is used to set LazyCsrfTokenRepository that delegates to CookieCsrfTokenRepository

Shared Objects Used

The following shared objects are used:

• VaadinDefaultRequestCache - if present, this uses VaadinDefaultRequestCache.setDelegateRequestCache(RequestCache) to delegate saving requests to CookieRequestCache
• VaadinSavedRequestAwareAuthenticationSuccessHandler - if present, this uses VaadinSavedRequestAwareAuthenticationSuccessHandler.setCsrfTokenRepository(CsrfTokenRepository) to allow the success handler to set the new csrf cookie

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	VaadinStatelessSecurityConfigurer.SecretKeyConfigurer	Enables configuring the secret key and the algorithm for the JWT signing and verification when using VaadinStatelessSecurityConfigurer.

Constructor Summary

Constructors

Constructor	Description
VaadinStatelessSecurityConfigurer()

Method Summary

Modifier and Type	Method	Description
void	configure(H http)
VaadinStatelessSecurityConfigurer<H>	expiresIn(long expiresIn)	Sets the lifetime of the JWT.
void	init(H http)
VaadinStatelessSecurityConfigurer<H>	issuer(String issuer)	Sets the issuer claim to use when issuing and verifying the JWT.
void	setSharedObjects(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer	withSecretKey()	Specifies using a secret key for signing and verification.
VaadinStatelessSecurityConfigurer<H>	withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer)	Specifies using a secret key for signing and verification.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getSecurityContextHolderStrategy, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

VaadinStatelessSecurityConfigurer

public VaadinStatelessSecurityConfigurer()

Method Details

setSharedObjects

public void setSharedObjects(org.springframework.security.config.annotation.web.builders.HttpSecurity http)

init

public void init(H http)

Specified by:

init in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

Overrides:

init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

configure

public void configure(H http)

Specified by:

configure in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

Overrides:

configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

expiresIn

public VaadinStatelessSecurityConfigurer<H> expiresIn(long expiresIn)

Sets the lifetime of the JWT. The default is 1800 seconds.

Parameters:

expiresIn - the lifetime in seconds

Returns:

the VaadinStatelessSecurityConfigurer for further customization

issuer

public VaadinStatelessSecurityConfigurer<H> issuer(String issuer)

Sets the issuer claim to use when issuing and verifying the JWT.

Parameters:

issuer - string identifier or URL of the issuer

Returns:

the VaadinStatelessSecurityConfigurer for further customization

withSecretKey

public VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer withSecretKey()

Specifies using a secret key for signing and verification.

Returns:

the VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer

withSecretKey

public VaadinStatelessSecurityConfigurer<H> withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer)

Specifies using a secret key for signing and verification.

Parameters:

customizer - the Customizer to provide configuration for the VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer

Returns:

the VaadinStatelessSecurityConfigurer for further customization