Class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,T,F>
-
- All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B>
- Direct Known Subclasses:
FormLoginConfigurer
,OAuth2LoginConfigurer
,OpenIDLoginConfigurer
,Saml2LoginConfigurer
public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter> extends AbstractHttpConfigurer<T,B>
Base class for configuringAbstractAuthenticationFilterConfigurer
. This is intended for internal use only.- Since:
- 3.2
- See Also:
FormLoginConfigurer
,OpenIDLoginConfigurer
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
AbstractAuthenticationFilterConfigurer()
Creates a new instance with minimal defaultsprotected
AbstractAuthenticationFilterConfigurer(F authenticationFilter, java.lang.String defaultLoginProcessingUrl)
Creates a new instance
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description T
authenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Specifies a customAuthenticationDetailsSource
.void
configure(B http)
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.protected abstract org.springframework.security.web.util.matcher.RequestMatcher
createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Create theRequestMatcher
given a loginProcessingUrlT
defaultSuccessUrl(java.lang.String defaultSuccessUrl)
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.T
defaultSuccessUrl(java.lang.String defaultSuccessUrl, boolean alwaysUse)
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating oralwaysUse
is true.T
failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
Specifies theAuthenticationFailureHandler
to use when authentication fails.T
failureUrl(java.lang.String authenticationFailureUrl)
The URL to send users if authentication fails.protected org.springframework.security.web.AuthenticationEntryPoint
getAuthenticationEntryPoint()
Gets the Authentication Entry Pointprotected org.springframework.security.web.util.matcher.RequestMatcher
getAuthenticationEntryPointMatcher(B http)
protected F
getAuthenticationFilter()
Gets the Authentication Filterprotected java.lang.String
getFailureUrl()
Gets the URL to send users to if authentication failsprotected java.lang.String
getLoginPage()
Gets the login pageprotected java.lang.String
getLoginProcessingUrl()
Gets the URL to submit an authentication request to (i.e.void
init(B http)
Initialize theSecurityBuilder
.boolean
isCustomLoginPage()
protected T
loginPage(java.lang.String loginPage)
Specifies the URL to send users to if login is required.T
loginProcessingUrl(java.lang.String loginProcessingUrl)
Specifies the URL to validate the credentials.T
permitAll()
Equivalent of invoking permitAll(true)T
permitAll(boolean permitAll)
Ensures the urls forfailureUrl(String)
as well as for theHttpSecurityBuilder
, thegetLoginPage()
andgetLoginProcessingUrl()
are granted access to any user.protected void
registerAuthenticationEntryPoint(B http, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
protected void
registerDefaultAuthenticationEntryPoint(B http)
T
securityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)
protected void
setAuthenticationFilter(F authFilter)
Sets the Authentication FilterT
successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
Specifies theAuthenticationSuccessHandler
to be used.protected void
updateAccessDefaults(B http)
Updates the default values for access.protected void
updateAuthenticationDefaults()
Updates the default values for authentication.-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
-
-
-
Constructor Detail
-
AbstractAuthenticationFilterConfigurer
protected AbstractAuthenticationFilterConfigurer()
Creates a new instance with minimal defaults
-
AbstractAuthenticationFilterConfigurer
protected AbstractAuthenticationFilterConfigurer(F authenticationFilter, java.lang.String defaultLoginProcessingUrl)
Creates a new instance- Parameters:
authenticationFilter
- theAbstractAuthenticationProcessingFilter
to usedefaultLoginProcessingUrl
- the default URL to use forloginProcessingUrl(String)
-
-
Method Detail
-
defaultSuccessUrl
public final T defaultSuccessUrl(java.lang.String defaultSuccessUrl)
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating. This is a shortcut for callingdefaultSuccessUrl(String, boolean)
.- Parameters:
defaultSuccessUrl
- the default success url- Returns:
- the
FormLoginConfigurer
for additional customization
-
defaultSuccessUrl
public final T defaultSuccessUrl(java.lang.String defaultSuccessUrl, boolean alwaysUse)
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating oralwaysUse
is true. This is a shortcut for callingsuccessHandler(AuthenticationSuccessHandler)
.- Parameters:
defaultSuccessUrl
- the default success urlalwaysUse
- true if thedefaultSuccesUrl
should be used after authentication despite if a protected page had been previously visited- Returns:
- the
FormLoginConfigurer
for additional customization
-
loginProcessingUrl
public T loginProcessingUrl(java.lang.String loginProcessingUrl)
Specifies the URL to validate the credentials.- Parameters:
loginProcessingUrl
- the URL to validate username and password- Returns:
- the
FormLoginConfigurer
for additional customization
-
securityContextRepository
public T securityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)
-
createLoginProcessingUrlMatcher
protected abstract org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Create theRequestMatcher
given a loginProcessingUrl- Parameters:
loginProcessingUrl
- creates theRequestMatcher
based upon the loginProcessingUrl- Returns:
- the
RequestMatcher
to use based upon the loginProcessingUrl
-
authenticationDetailsSource
public final T authenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Specifies a customAuthenticationDetailsSource
. The default isWebAuthenticationDetailsSource
.- Parameters:
authenticationDetailsSource
- the customAuthenticationDetailsSource
- Returns:
- the
FormLoginConfigurer
for additional customization
-
successHandler
public final T successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
Specifies theAuthenticationSuccessHandler
to be used. The default isSavedRequestAwareAuthenticationSuccessHandler
with no additional properties set.- Parameters:
successHandler
- theAuthenticationSuccessHandler
.- Returns:
- the
FormLoginConfigurer
for additional customization
-
permitAll
public final T permitAll()
Equivalent of invoking permitAll(true)- Returns:
- the
FormLoginConfigurer
for additional customization
-
permitAll
public final T permitAll(boolean permitAll)
Ensures the urls forfailureUrl(String)
as well as for theHttpSecurityBuilder
, thegetLoginPage()
andgetLoginProcessingUrl()
are granted access to any user.- Parameters:
permitAll
- true to grant access to the URLs false to skip this step- Returns:
- the
FormLoginConfigurer
for additional customization
-
failureUrl
public final T failureUrl(java.lang.String authenticationFailureUrl)
The URL to send users if authentication fails. This is a shortcut for invokingfailureHandler(AuthenticationFailureHandler)
. The default is "/login?error".- Parameters:
authenticationFailureUrl
- the URL to send users if authentication fails (i.e. "/login?error").- Returns:
- the
FormLoginConfigurer
for additional customization
-
failureHandler
public final T failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
Specifies theAuthenticationFailureHandler
to use when authentication fails. The default is redirecting to "/login?error" usingSimpleUrlAuthenticationFailureHandler
- Parameters:
authenticationFailureHandler
- theAuthenticationFailureHandler
to use when authentication fails.- Returns:
- the
FormLoginConfigurer
for additional customization
-
init
public void init(B http) throws java.lang.Exception
Description copied from interface:SecurityConfigurer
Initialize theSecurityBuilder
. Here only shared state should be created and modified, but not properties on theSecurityBuilder
used for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared objects when building. Configurers should be applied here.- Specified by:
init
in interfaceSecurityConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>>
- Overrides:
init
in classSecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
- Throws:
java.lang.Exception
-
registerDefaultAuthenticationEntryPoint
protected final void registerDefaultAuthenticationEntryPoint(B http)
-
registerAuthenticationEntryPoint
protected final void registerAuthenticationEntryPoint(B http, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
-
getAuthenticationEntryPointMatcher
protected final org.springframework.security.web.util.matcher.RequestMatcher getAuthenticationEntryPointMatcher(B http)
-
configure
public void configure(B http) throws java.lang.Exception
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>>
- Overrides:
configure
in classSecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
- Throws:
java.lang.Exception
-
loginPage
protected T loginPage(java.lang.String loginPage)
Specifies the URL to send users to if login is required. If used with
EnableWebSecurity
a default login page will be generated when this attribute is not specified.If a URL is specified or this is not being used in conjunction with
EnableWebSecurity
, users are required to process the specified URL to generate a login page.
-
isCustomLoginPage
public final boolean isCustomLoginPage()
- Returns:
- true if a custom login page has been specified, else false
-
getAuthenticationFilter
protected final F getAuthenticationFilter()
Gets the Authentication Filter- Returns:
- the Authentication Filter
-
setAuthenticationFilter
protected final void setAuthenticationFilter(F authFilter)
Sets the Authentication Filter- Parameters:
authFilter
- the Authentication Filter
-
getLoginPage
protected final java.lang.String getLoginPage()
Gets the login page- Returns:
- the login page
-
getAuthenticationEntryPoint
protected final org.springframework.security.web.AuthenticationEntryPoint getAuthenticationEntryPoint()
Gets the Authentication Entry Point- Returns:
- the Authentication Entry Point
-
getLoginProcessingUrl
protected final java.lang.String getLoginProcessingUrl()
Gets the URL to submit an authentication request to (i.e. where username/password must be submitted)- Returns:
- the URL to submit an authentication request to
-
getFailureUrl
protected final java.lang.String getFailureUrl()
Gets the URL to send users to if authentication fails- Returns:
- the URL to send users if authentication fails (e.g. "/login?error").
-
updateAuthenticationDefaults
protected final void updateAuthenticationDefaults()
Updates the default values for authentication.- Throws:
java.lang.Exception
-
updateAccessDefaults
protected final void updateAccessDefaults(B http)
Updates the default values for access.
-
-