Package org.springframework.security.config.annotation.web.configurers.openid

Class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>

org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,org.springframework.security.openid.OpenIDAuthenticationFilter>

org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer<H>

All Implemented Interfaces:

SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

@Deprecated
public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,org.springframework.security.openid.OpenIDAuthenticationFilter>

Deprecated.

The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.

Adds support for OpenID based authentication.

Example Configuration

 @Configuration
 @EnableWebSecurity
 public class OpenIDLoginConfig {

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests()
                                .antMatchers("/**").hasRole("USER")
                                .and()
                        .openidLogin()
                                .permitAll();
                return http.build();
        }

        @Bean
        public UserDetailsService userDetailsService() {
                UserDetails user = User.withDefaultPasswordEncoder()
                        .username("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
                        .password("password")
                        .roles("USER")
                        .build();
                return new InMemoryUserDetailsManager(user);
        }
 }
 

Security Filters

The following Filters are populated

• OpenIDAuthenticationFilter

Shared Objects Created

• AuthenticationEntryPoint is populated with a LoginUrlAuthenticationEntryPoint
• An OpenIDAuthenticationProvider is populated into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)

Shared Objects Used

The following shared objects are used:

• AuthenticationManager
• RememberMeServices - is optionally used. See RememberMeConfigurer
• SessionAuthenticationStrategy - is optionally used. See SessionManagementConfigurer

Since:

3.2

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	OpenIDLoginConfigurer.AttributeExchangeConfigurer	Deprecated. A class used to add OpenID attributes to look up

Constructor Summary

Constructors

Constructor	Description
OpenIDLoginConfigurer()	Deprecated. Creates a new instance

Method Summary

Modifier and Type	Method	Description
OpenIDLoginConfigurer.AttributeExchangeConfigurer	attributeExchange(java.lang.String identifierPattern)	Deprecated. Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
OpenIDLoginConfigurer<H>	attributeExchange(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer> attributeExchangeCustomizer)	Deprecated. Sets up OpenID attribute exchange for OpenIDs matching the specified pattern.
OpenIDLoginConfigurer<H>	authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.openid.OpenIDAuthenticationToken> authenticationUserDetailsService)	Deprecated. The AuthenticationUserDetailsService to use.
void	configure(H http)	Deprecated. Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
OpenIDLoginConfigurer<H>	consumer(org.springframework.security.openid.OpenIDConsumer consumer)	Deprecated. Allows specifying the OpenIDConsumer to be used.
OpenIDLoginConfigurer<H>	consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)	Deprecated. Allows specifying the ConsumerManager to be used.
protected org.springframework.security.web.util.matcher.RequestMatcher	createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)	Deprecated. Create the RequestMatcher given a loginProcessingUrl
void	init(H http)	Deprecated. Initialize the SecurityBuilder.
OpenIDLoginConfigurer<H>	loginPage(java.lang.String loginPage)	Deprecated. Specifies the URL to send users to if login is required.
OpenIDLoginConfigurer<H>	loginProcessingUrl(java.lang.String loginProcessingUrl)	Deprecated. Specifies the URL used to authenticate OpenID requests.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, securityContextRepository, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getSecurityContextHolderStrategy, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenIDLoginConfigurer

public OpenIDLoginConfigurer()

Deprecated.

Creates a new instance

Method Detail

attributeExchange

public OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(java.lang.String identifierPattern)

Deprecated.

Sets up OpenID attribute exchange for OpenID's matching the specified pattern.

Parameters:

identifierPattern - the regular expression for matching on OpenID's (i.e. "https://www.google.com/.*", ".*yahoo.com.*", etc)

Returns:

a OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customizations of the attribute exchange

attributeExchange

public OpenIDLoginConfigurer<H> attributeExchange(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer> attributeExchangeCustomizer)

Deprecated.

Sets up OpenID attribute exchange for OpenIDs matching the specified pattern. The default pattern is ".*", it can be specified using OpenIDLoginConfigurer.AttributeExchangeConfigurer.identifierPattern(String)

Parameters:

attributeExchangeCustomizer - the Customizer to provide more options for the OpenIDLoginConfigurer.AttributeExchangeConfigurer

Returns:

a OpenIDLoginConfigurer for further customizations

consumer

public OpenIDLoginConfigurer<H> consumer(org.springframework.security.openid.OpenIDConsumer consumer)

Deprecated.

Allows specifying the OpenIDConsumer to be used. The default is using an OpenID4JavaConsumer.

Parameters:

consumer - the OpenIDConsumer to be used

Returns:

the OpenIDLoginConfigurer for further customizations

consumerManager

public OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)

Deprecated.

Allows specifying the ConsumerManager to be used. If specified, will be populated into an OpenID4JavaConsumer.

This is a shortcut for specifying the OpenID4JavaConsumer with a specific ConsumerManager on consumer(OpenIDConsumer).

Parameters:

consumerManager - the ConsumerManager to use. Cannot be null.

Returns:

the OpenIDLoginConfigurer for further customizations

authenticationUserDetailsService

public OpenIDLoginConfigurer<H> authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.openid.OpenIDAuthenticationToken> authenticationUserDetailsService)

Deprecated.

The AuthenticationUserDetailsService to use. By default a UserDetailsByNameServiceWrapper is used with the UserDetailsService shared object found with AbstractConfiguredSecurityBuilder.getSharedObject(Class).

Parameters:

authenticationUserDetailsService - the AuthenticationDetailsSource to use

Returns:

the OpenIDLoginConfigurer for further customizations

loginProcessingUrl

public OpenIDLoginConfigurer<H> loginProcessingUrl(java.lang.String loginProcessingUrl)

Deprecated.

Specifies the URL used to authenticate OpenID requests. If the HttpServletRequest matches this URL the OpenIDAuthenticationFilter will attempt to authenticate the request. The default is "/login/openid".

Overrides:

loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>

Parameters:

loginProcessingUrl - the URL used to perform authentication

Returns:

the OpenIDLoginConfigurer for additional customization

loginPage

public OpenIDLoginConfigurer<H> loginPage(java.lang.String loginPage)

Deprecated.

Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL to generate a login page.

• It must be an HTTP POST
• It must be submitted to loginProcessingUrl(String)
• It should include the OpenID as an HTTP parameter by the name of OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD

Impact on other defaults

Updating this value, also impacts a number of other default values. For example, the following are the default values when only formLogin() was specified.

• /login GET - the login form
• /login POST - process the credentials and if valid authenticate the user
• /login?error GET - redirect here for failed authentication attempts
• /login?logout GET - redirect here after successfully logging out

If "/authenticate" was passed to this method it update the defaults as shown below:

• /authenticate GET - the login form
• /authenticate POST - process the credentials and if valid authenticate the user
• /authenticate?error GET - redirect here for failed authentication attempts
• /authenticate?logout GET - redirect here after successfully logging out

Overrides:

loginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>

Parameters:

loginPage - the login page to redirect to if authentication is required (i.e. "/login")

Returns:

the FormLoginConfigurer for additional customization

init

public void init(H http)
          throws java.lang.Exception

Deprecated.

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Specified by:

init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>

Throws:

java.lang.Exception

configure

public void configure(H http)
               throws java.lang.Exception

Deprecated.

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>

Throws:

java.lang.Exception

createLoginProcessingUrlMatcher

protected org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)

Deprecated.

Description copied from class: AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

Specified by:

createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>

Parameters:

loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl

Returns:

the RequestMatcher to use based upon the loginProcessingUrl