java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<X509Configurer<H>,H>
org.springframework.security.config.annotation.web.configurers.X509Configurer<H>
All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<X509Configurer<H>,H>
Adds X.509-based pre-authentication to an application. Because the certificate is validated when the client connects, requesting and validating the client certificate should be performed by the container. Spring Security then uses the certificate to look up the Authentication for the user.

Security Filters

The following Filters are populated:

  • X509AuthenticationFilter

Shared Objects Created

The following shared objects are created

Shared Objects Used

The following shared objects are used:

  • A UserDetailsService shared object is used if no AuthenticationUserDetailsService is specified
Since:
3.2
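
A typical way to wire this configurer into a filter chain, as an added example that is not part of the original Javadoc or the Spring Security code base. The class name, bean names, role and the allow-list of CNs are assumptions made for illustration, and the container is assumed to already require and validate client certificates (for an embedded Spring Boot server, `server.ssl.client-auth=need` plus a trust store).

```java
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ClientCertSecurityConfig {

    // Constructed allow-list (hypothetical names); a real service would query a directory or database.
    private static final Set<String> KNOWN_CLIENTS = Set.of("billing-service", "report-service");

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Every request needs an authenticated principal; there is no anonymous fallback.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .x509(x509 -> x509
                // Same expression the Javadoc quotes; capture group 1 becomes the principal name.
                .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
                // Wrapped in a UserDetailsByNameServiceWrapper by the configurer.
                .userDetailsService(clientDetailsService()));
        return http.build();
    }

    @Bean
    public UserDetailsService clientDetailsService() {
        // The TLS handshake proves possession of a trusted certificate; this lookup decides
        // whether that certificate's CN maps to an account and which authorities it gets.
        return cn -> {
            if (!KNOWN_CLIENTS.contains(cn)) {
                throw new UsernameNotFoundException("No account mapped to certificate CN " + cn);
            }
            // The password is never checked for pre-authenticated tokens, so it is left empty.
            return User.withUsername(cn).password("").roles("CLIENT").build();
        };
    }
}
```

A certificate that chains to the trust store but carries an unknown CN is not authenticated, so the `anyRequest().authenticated()` rule rejects the request.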
  • Constructor Details

  • Method Details

    • x509AuthenticationFilter

      public X509Configurer<H> x509AuthenticationFilter(org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter x509AuthenticationFilter)
      Allows specifying the entire X509AuthenticationFilter. If this is specified, the properties on X509Configurer will not be populated on the X509AuthenticationFilter.
      Parameters:
      x509AuthenticationFilter - the X509AuthenticationFilter to use
      Returns:
      the X509Configurer for further customizations
    • x509PrincipalExtractor

      public X509Configurer<H> x509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor x509PrincipalExtractor)
      Specifies the X509PrincipalExtractor
      Parameters:
      x509PrincipalExtractor - the X509PrincipalExtractor to use
      Returns:
      the X509Configurer to use
    • authenticationDetailsSource

      public X509Configurer<H> authenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource)
      Specifies the AuthenticationDetailsSource
      Parameters:
      authenticationDetailsSource - the AuthenticationDetailsSource to use
      Returns:
      the X509Configurer to use
    • userDetailsService

      public X509Configurer<H> userDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
      Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
      Parameters:
      userDetailsService - the UserDetailsService to use
      Returns:
      the X509Configurer for further customizations
    • authenticationUserDetailsService

      public X509Configurer<H> authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken> authenticationUserDetailsService)
      Specifies the AuthenticationUserDetailsService to use. If not specified, then the UserDetailsService bean will be used by default.
      Parameters:
      authenticationUserDetailsService - the AuthenticationUserDetailsService to use
      Returns:
      the X509Configurer for further customizations
    • subjectPrincipalRegex

      public X509Configurer<H> subjectPrincipalRegex(String subjectPrincipalRegex)
      Specifies the regex to extract the principal from the certificate. If not specified, the default expression from SubjectDnX509PrincipalExtractor is used.
      Parameters:
      subjectPrincipalRegex - the regex to extract the user principal from the certificate (e.g. "CN=(.*?)(?:,|$)").
      Returns:
      the X509Configurer for further customizations
    • init

      public void init(H http)
      Description copied from interface: SecurityConfigurer
      Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
      Specified by:
      init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
    • configure

      public void configure(H http)
      Description copied from interface: SecurityConfigurer
      Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
      Specified by:
      configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
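
To see what the expression passed to subjectPrincipalRegex actually captures, the following added example (not part of the original Javadoc or of Spring Security) runs the quoted regex over constructed subject DNs using the same rules SubjectDnX509PrincipalExtractor applies: a case-insensitive `find()` with the principal taken from capture group 1. The class name, the `extract` helper, the sample DNs and the e-mail variant of the regex are assumptions for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SubjectRegexDemo {

    // Same matching rules SubjectDnX509PrincipalExtractor applies to the subject DN:
    // case-insensitive find(), principal taken from capture group 1.
    static String extract(String regex, String subjectDn) {
        Matcher m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(subjectDn);
        // The real extractor throws BadCredentialsException when nothing matches; null stands in here.
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        String defaultRegex = "CN=(.*?)(?:,|$)";
        String emailRegex = "EMAILADDRESS=(.*?)(?:,|$)"; // assumed alternative for subjectPrincipalRegex

        // Constructed subject DNs, not taken from real certificates.
        String[] subjects = {
            "CN=billing-service, OU=Payments, O=Example Corp",  // CN first, ended by a comma
            "O=Example Corp, OU=Payments, CN=report-service",   // CN last, ended by end of string
            "cn=Audit-Client, O=Example Corp",                  // lower-case attribute name
            "CN=Smith\\, Jane, O=Example Corp",                 // escaped comma: lazy group stops at the first comma
            "EMAILADDRESS=ops@example.com, O=Example Corp"      // no CN attribute at all
        };
        for (String dn : subjects) {
            System.out.printf("%-52s default=%-18s email=%s%n",
                    dn, extract(defaultRegex, dn), extract(emailRegex, dn));
        }
    }
}
```

A principal that comes back truncated or missing will not map to any account, so check the regex against the subject format your CA actually issues before deploying it.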