Package org.springframework.security.config.annotation.web.configurers

Class X509Configurer<H extends HttpSecurityBuilder<H>>

  • All Implemented Interfaces:
    SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,​H>
    public final class X509Configurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<X509Configurer<H>,​H>
    Adds X509 based pre authentication to an application. Since validating the certificate happens when the client connects, the requesting and validation of the client certificate should be performed by the container. Spring Security will then use the certificate to look up the Authentication for the user.

    Security Filters

    The following Filters are populated

    • X509AuthenticationFilter

    Shared Objects Created

    The following shared objects are created

    Shared Objects Used

    The following shared objects are used:

    • A UserDetailsService shared object is used if no AuthenticationUserDetailsService is specified
    Since:
    3.2

    • Constructor Detail

    • Method Detail

      • x509AuthenticationFilter

        public X509Configurer<H> x509AuthenticationFilter​(org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter x509AuthenticationFilter)
        Allows specifying the entire X509AuthenticationFilter. If this is specified, the properties on X509Configurer will not be populated on the X509AuthenticationFilter.
        Parameters:
        x509AuthenticationFilter - the X509AuthenticationFilter to use
        Returns:
        the X509Configurer for further customizations

      • x509PrincipalExtractor

        public X509Configurer<H> x509PrincipalExtractor​(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor x509PrincipalExtractor)
        Specifies the X509PrincipalExtractor
        Parameters:
        x509PrincipalExtractor - the X509PrincipalExtractor to use
        Returns:
        the X509Configurer to use

      • authenticationDetailsSource

        public X509Configurer<H> authenticationDetailsSource​(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource)
        Specifies the AuthenticationDetailsSource
        Parameters:
        authenticationDetailsSource - the AuthenticationDetailsSource to use
        Returns:
        the X509Configurer to use

      • authenticationUserDetailsService

        public X509Configurer<H> authenticationUserDetailsService​(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken> authenticationUserDetailsService)
        Specifies the AuthenticationUserDetailsService to use. If not specified, then the UserDetailsService bean will be used by default.
        Parameters:
        authenticationUserDetailsService - the AuthenticationUserDetailsService to use
        Returns:
        the X509Configurer for further customizations

      • subjectPrincipalRegex

        public X509Configurer<H> subjectPrincipalRegex​(java.lang.String subjectPrincipalRegex)
        Specifies the regex to extract the principal from the certificate. If not specified, the default expression from SubjectDnX509PrincipalExtractor is used.
        Parameters:
        subjectPrincipalRegex - the regex to extract the user principal from the certificate (i.e. "CN=(.*?)(?:,|$)").
        Returns:
        the X509Configurer for further customizations