Package org.springframework.security.config.web.server

Class ServerHttpSecurity.OAuth2LoginSpec

java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Enclosing class:
ServerHttpSecurity
public final class ServerHttpSecurity.OAuth2LoginSpec extends Object

  • Method Details

    • authenticationManager

      public ServerHttpSecurity.OAuth2LoginSpec authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)
      Configures the ReactiveAuthenticationManager to use. The default is OAuth2AuthorizationCodeReactiveAuthenticationManager
      Parameters:
      authenticationManager - the manager to use
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec to customize

    • securityContextRepository

      public ServerHttpSecurity.OAuth2LoginSpec securityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository securityContextRepository)
      The ServerSecurityContextRepository used to save the Authentication. Defaults to WebSessionServerSecurityContextRepository.
      Parameters:
      securityContextRepository - the repository to use
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec to continue configuring
      Since:
      5.2

    • oidcSessionRegistry

      public ServerHttpSecurity.OAuth2LoginSpec oidcSessionRegistry(org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry oidcSessionRegistry)
      Configures the ReactiveOidcSessionRegistry to use when logins use OIDC. Default is to look the value up as a Bean, or else use an InMemoryReactiveOidcSessionRegistry.
      Parameters:
      oidcSessionRegistry - the registry to use
      Returns:
      the ServerHttpSecurity.OidcLogoutSpec to customize
      Since:
      6.2

    • authenticationSuccessHandler

      public ServerHttpSecurity.OAuth2LoginSpec authenticationSuccessHandler(org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler authenticationSuccessHandler)
      The ServerAuthenticationSuccessHandler used after authentication success. Defaults to RedirectServerAuthenticationSuccessHandler redirecting to "/".
      Parameters:
      authenticationSuccessHandler - the success handler to use
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec to customize
      Since:
      5.2

    • authenticationFailureHandler

      public ServerHttpSecurity.OAuth2LoginSpec authenticationFailureHandler(org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler authenticationFailureHandler)
      The ServerAuthenticationFailureHandler used after authentication failure. Defaults to RedirectServerAuthenticationFailureHandler redirecting to "/login?error".
      Parameters:
      authenticationFailureHandler - the failure handler to use
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec to customize
      Since:
      5.2

    • authenticationConverter

      public ServerHttpSecurity.OAuth2LoginSpec authenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter authenticationConverter)
      Sets the converter to use
      Parameters:
      authenticationConverter - the converter to use
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec to customize

    • clientRegistrationRepository

      public ServerHttpSecurity.OAuth2LoginSpec clientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository clientRegistrationRepository)

    • authorizedClientService

      public ServerHttpSecurity.OAuth2LoginSpec authorizedClientService(org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService authorizedClientService)

    • authorizedClientRepository

      public ServerHttpSecurity.OAuth2LoginSpec authorizedClientRepository(org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository authorizedClientRepository)

    • authorizationRequestRepository

      public ServerHttpSecurity.OAuth2LoginSpec authorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository)
      Sets the repository to use for storing OAuth2AuthorizationRequest's.
      Parameters:
      authorizationRequestRepository - the repository to use for storing OAuth2AuthorizationRequest's
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec for further configuration
      Since:
      5.2

    • authorizationRequestResolver

      public ServerHttpSecurity.OAuth2LoginSpec authorizationRequestResolver(org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver)
      Sets the resolver used for resolving OAuth2AuthorizationRequest's.
      Parameters:
      authorizationRequestResolver - the resolver used for resolving OAuth2AuthorizationRequest's
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec for further configuration
      Since:
      5.2

    • authorizationRedirectStrategy

      public ServerHttpSecurity.OAuth2LoginSpec authorizationRedirectStrategy(org.springframework.security.web.server.ServerRedirectStrategy authorizationRedirectStrategy)
      Sets the redirect strategy for Authorization Endpoint redirect URI.
      Parameters:
      authorizationRedirectStrategy - the redirect strategy
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec for further configuration

    • authenticationMatcher

      public ServerHttpSecurity.OAuth2LoginSpec authenticationMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher authenticationMatcher)
      Sets the matcher used for determining if the request is an authentication request.
      Parameters:
      authenticationMatcher - the matcher used for determining if the request is an authentication request
      Returns:
      the ServerHttpSecurity.OAuth2LoginSpec for further configuration
      Since:
      5.2

    • and

      @Deprecated(since="6.1", forRemoval=true) public ServerHttpSecurity and()
      Deprecated, for removal: This API element is subject to removal in a future version.
      For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
      Allows method chaining to continue configuring the ServerHttpSecurity
      Returns:
      the ServerHttpSecurity to continue configuring

    • configure

      protected void configure(ServerHttpSecurity http)