Package org.springframework.security.config.annotation.web.configurers

Class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter>

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,T,F>
Type Parameters:
T - refers to "this" for returning the current configurer
F - refers to the AbstractAuthenticationProcessingFilter that is being built
All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B>
Direct Known Subclasses:
FormLoginConfigurer, OAuth2LoginConfigurer, Saml2LoginConfigurer
public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter> extends AbstractHttpConfigurer<T,B>
Base class for configuring AbstractAuthenticationFilterConfigurer. This is intended for internal use only.
Since:
3.2
See Also:

  • Constructor Details

    • AbstractAuthenticationFilterConfigurer

      protected AbstractAuthenticationFilterConfigurer()
      Creates a new instance with minimal defaults

    • AbstractAuthenticationFilterConfigurer

      protected AbstractAuthenticationFilterConfigurer(F authenticationFilter, String defaultLoginProcessingUrl)
      Creates a new instance
      Parameters:
      authenticationFilter - the AbstractAuthenticationProcessingFilter to use
      defaultLoginProcessingUrl - the default URL to use for loginProcessingUrl(String)

  • Method Details

    • defaultSuccessUrl

      public final T defaultSuccessUrl(String defaultSuccessUrl)
      Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating. This is a shortcut for calling defaultSuccessUrl(String, boolean).
      Parameters:
      defaultSuccessUrl - the default success url
      Returns:
      the FormLoginConfigurer for additional customization

    • defaultSuccessUrl

      public final T defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse)
      Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true. This is a shortcut for calling successHandler(AuthenticationSuccessHandler).
      Parameters:
      defaultSuccessUrl - the default success url
      alwaysUse - true if the defaultSuccessUrl should be used after authentication despite if a protected page had been previously visited
      Returns:
      the FormLoginConfigurer for additional customization

    • loginProcessingUrl

      public T loginProcessingUrl(String loginProcessingUrl)
      Specifies the URL to validate the credentials.
      Parameters:
      loginProcessingUrl - the URL to validate username and password
      Returns:
      the FormLoginConfigurer for additional customization

    • securityContextRepository

      public T securityContextRepository(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)

    • createLoginProcessingUrlMatcher

      protected abstract org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
      Create the RequestMatcher given a loginProcessingUrl
      Parameters:
      loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
      Returns:
      the RequestMatcher to use based upon the loginProcessingUrl

    • authenticationDetailsSource

      public final T authenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
      Specifies a custom AuthenticationDetailsSource. The default is WebAuthenticationDetailsSource.
      Parameters:
      authenticationDetailsSource - the custom AuthenticationDetailsSource
      Returns:
      the FormLoginConfigurer for additional customization

    • successHandler

      public final T successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
      Specifies the AuthenticationSuccessHandler to be used. The default is SavedRequestAwareAuthenticationSuccessHandler with no additional properties set.
      Parameters:
      successHandler - the AuthenticationSuccessHandler.
      Returns:
      the FormLoginConfigurer for additional customization

    • permitAll

      public final T permitAll()
      Equivalent of invoking permitAll(true)
      Returns:
      the FormLoginConfigurer for additional customization

    • permitAll

      public final T permitAll(boolean permitAll)
      Ensures the urls for failureUrl(String) as well as for the HttpSecurityBuilder, the getLoginPage() and getLoginProcessingUrl() are granted access to any user.
      Parameters:
      permitAll - true to grant access to the URLs false to skip this step
      Returns:
      the FormLoginConfigurer for additional customization

    • failureUrl

      public final T failureUrl(String authenticationFailureUrl)
      The URL to send users if authentication fails. This is a shortcut for invoking failureHandler(AuthenticationFailureHandler). The default is "/login?error".
      Parameters:
      authenticationFailureUrl - the URL to send users if authentication fails (i.e. "/login?error").
      Returns:
      the FormLoginConfigurer for additional customization

    • failureHandler

      public final T failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
      Specifies the AuthenticationFailureHandler to use when authentication fails. The default is redirecting to "/login?error" using SimpleUrlAuthenticationFailureHandler
      Parameters:
      authenticationFailureHandler - the AuthenticationFailureHandler to use when authentication fails.
      Returns:
      the FormLoginConfigurer for additional customization

    • init

      public void init(B http) throws Exception
      Description copied from interface: SecurityConfigurer
      Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
      Specified by:
      init in interface SecurityConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>>
      Overrides:
      init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
      Throws:
      Exception

    • registerDefaultAuthenticationEntryPoint

      protected final void registerDefaultAuthenticationEntryPoint(B http)

    • registerAuthenticationEntryPoint

      protected final void registerAuthenticationEntryPoint(B http, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

    • getAuthenticationEntryPointMatcher

      protected final org.springframework.security.web.util.matcher.RequestMatcher getAuthenticationEntryPointMatcher(B http)

    • configure

      public void configure(B http) throws Exception
      Description copied from interface: SecurityConfigurer
      Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
      Specified by:
      configure in interface SecurityConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>>
      Overrides:
      configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
      Throws:
      Exception

    • loginPage

      protected T loginPage(String loginPage)

      Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.

      If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL to generate a login page.

    • isCustomLoginPage

      public final boolean isCustomLoginPage()
      Returns:
      true if a custom login page has been specified, else false

    • getAuthenticationFilter

      protected final F getAuthenticationFilter()
      Gets the Authentication Filter
      Returns:
      the Authentication Filter

    • setAuthenticationFilter

      protected final void setAuthenticationFilter(F authFilter)
      Sets the Authentication Filter
      Parameters:
      authFilter - the Authentication Filter

    • getLoginPage

      protected final String getLoginPage()
      Gets the login page
      Returns:
      the login page

    • getAuthenticationEntryPoint

      protected final org.springframework.security.web.AuthenticationEntryPoint getAuthenticationEntryPoint()
      Gets the Authentication Entry Point
      Returns:
      the Authentication Entry Point

    • getLoginProcessingUrl

      protected final String getLoginProcessingUrl()
      Gets the URL to submit an authentication request to (i.e. where username/password must be submitted)
      Returns:
      the URL to submit an authentication request to

    • getFailureUrl

      protected final String getFailureUrl()
      Gets the URL to send users to if authentication fails
      Returns:
      the URL to send users if authentication fails (e.g. "/login?error").

    • updateAuthenticationDefaults

      protected final void updateAuthenticationDefaults()
      Updates the default values for authentication.

    • updateAccessDefaults

      protected final void updateAccessDefaults(B http)
      Updates the default values for access.