Class JeeConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<JeeConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.JeeConfigurer<H>
- All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
H>
public final class JeeConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<JeeConfigurer<H>,H>
Adds support for J2EE pre authentication.
Security Filters
The following Filters are populatedJ2eePreAuthenticatedProcessingFilter
Shared Objects Created
AuthenticationEntryPoint
is populated with anHttp403ForbiddenEntryPoint
- A
PreAuthenticatedAuthenticationProvider
is populated intoHttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
Shared Objects Used
The following shared objects are used:AuthenticationManager
- Since:
- 3.2
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthenticatedUserDetailsService
(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken> authenticatedUserDetailsService) Specifies theAuthenticationUserDetailsService
that is used with thePreAuthenticatedAuthenticationProvider
.void
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.void
Populates aPreAuthenticatedAuthenticationProvider
intoHttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
and aHttp403ForbiddenEntryPoint
intoHttpSecurityBuilder.setSharedObject(Class, Object)
j2eePreAuthenticatedProcessingFilter
(org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter) Allows specifying theJ2eePreAuthenticatedProcessingFilter
to use.mappableAuthorities
(String... mappableRoles) Specifies roles to use map from theHttpServletRequest
to theUserDetails
.mappableAuthorities
(Set<String> mappableRoles) Specifies roles to use map from theHttpServletRequest
to theUserDetails
.mappableRoles
(String... mappableRoles) Specifies roles to use map from theHttpServletRequest
to theUserDetails
and automatically prefixes it with "ROLE_".Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
JeeConfigurer
public JeeConfigurer()Creates a new instance- See Also:
-
-
Method Details
-
mappableAuthorities
Specifies roles to use map from theHttpServletRequest
to theUserDetails
. IfHttpServletRequest.isUserInRole(String)
returns true, the role is added to theUserDetails
. This method is the equivalent of invokingmappableAuthorities(Set)
. Multiple invocations ofmappableAuthorities(String...)
will override previous invocations.There are no default roles that are mapped.
- Parameters:
mappableRoles
- the roles to attempt to map to theUserDetails
(i.e. "ROLE_USER", "ROLE_ADMIN", etc).- Returns:
- the
JeeConfigurer
for further customizations - See Also:
-
SimpleMappableAttributesRetriever
mappableRoles(String...)
-
mappableRoles
Specifies roles to use map from theHttpServletRequest
to theUserDetails
and automatically prefixes it with "ROLE_". IfHttpServletRequest.isUserInRole(String)
returns true, the role is added to theUserDetails
. This method is the equivalent of invokingmappableAuthorities(Set)
. Multiple invocations ofmappableRoles(String...)
will override previous invocations.There are no default roles that are mapped.
- Parameters:
mappableRoles
- the roles to attempt to map to theUserDetails
(i.e. "USER", "ADMIN", etc).- Returns:
- the
JeeConfigurer
for further customizations - See Also:
-
SimpleMappableAttributesRetriever
mappableAuthorities(String...)
-
mappableAuthorities
Specifies roles to use map from theHttpServletRequest
to theUserDetails
. IfHttpServletRequest.isUserInRole(String)
returns true, the role is added to theUserDetails
. This is the equivalent ofmappableRoles(String...)
. Multiple invocations ofmappableAuthorities(Set)
will override previous invocations.There are no default roles that are mapped.
- Parameters:
mappableRoles
- the roles to attempt to map to theUserDetails
.- Returns:
- the
JeeConfigurer
for further customizations - See Also:
-
SimpleMappableAttributesRetriever
-
authenticatedUserDetailsService
public JeeConfigurer<H> authenticatedUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken> authenticatedUserDetailsService) Specifies theAuthenticationUserDetailsService
that is used with thePreAuthenticatedAuthenticationProvider
. The default is aPreAuthenticatedGrantedAuthoritiesUserDetailsService
.- Parameters:
authenticatedUserDetailsService
- theAuthenticationUserDetailsService
to use.- Returns:
- the
JeeConfigurer
for further configuration
-
j2eePreAuthenticatedProcessingFilter
public JeeConfigurer<H> j2eePreAuthenticatedProcessingFilter(org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter) Allows specifying theJ2eePreAuthenticatedProcessingFilter
to use. IfJ2eePreAuthenticatedProcessingFilter
is provided, all of its attributes must also be configured manually (i.e. all attributes populated in theJeeConfigurer
are not used).- Parameters:
j2eePreAuthenticatedProcessingFilter
- theJ2eePreAuthenticatedProcessingFilter
to use.- Returns:
- the
JeeConfigurer
for further configuration
-
init
Populates aPreAuthenticatedAuthenticationProvider
intoHttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
and aHttp403ForbiddenEntryPoint
intoHttpSecurityBuilder.setSharedObject(Class, Object)
- Specified by:
init
in interfaceSecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Overrides:
init
in classSecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - See Also:
-
configure
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Overrides:
configure
in classSecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>>
-