Package org.springframework.security.config.annotation.web.configurers

Class AnonymousConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<AnonymousConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer<H>
All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>
public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<AnonymousConfigurer<H>,H>
Configures Anonymous authentication (i.e. populate an Authentication that represents an anonymous user instead of having a null value) for an HttpSecurity. Specifically this will configure an AnonymousAuthenticationFilter and an AnonymousAuthenticationProvider. All properties have reasonable defaults, so no additional configuration is required other than applying this SecurityConfigurer.
Since:
3.2

  • Constructor Details

  • Method Details

    • key

      public AnonymousConfigurer<H> key(String key)
      Sets the key to identify tokens created for anonymous authentication. Default is a secure randomly generated key.
      Parameters:
      key - the key to identify tokens created for anonymous authentication. Default is a secure randomly generated key.
      Returns:
      the AnonymousConfigurer for further customization of anonymous authentication

    • principal

      public AnonymousConfigurer<H> principal(Object principal)
      Sets the principal for Authentication objects of anonymous users
      Parameters:
      principal - used for the Authentication object of anonymous users
      Returns:
      the AnonymousConfigurer for further customization of anonymous authentication

    • authorities

      public AnonymousConfigurer<H> authorities(List<org.springframework.security.core.GrantedAuthority> authorities)
      Sets the Authentication.getAuthorities() for anonymous users
      Parameters:
      authorities - Sets the Authentication.getAuthorities() for anonymous users
      Returns:
      the AnonymousConfigurer for further customization of anonymous authentication

    • authorities

      public AnonymousConfigurer<H> authorities(String... authorities)
      Sets the Authentication.getAuthorities() for anonymous users
      Parameters:
      authorities - Sets the Authentication.getAuthorities() for anonymous users (i.e. "ROLE_ANONYMOUS")
      Returns:
      the AnonymousConfigurer for further customization of anonymous authentication

    • authenticationProvider

      public AnonymousConfigurer<H> authenticationProvider(org.springframework.security.authentication.AuthenticationProvider authenticationProvider)
      Sets the AuthenticationProvider used to validate an anonymous user. If this is set, no attributes on the AnonymousConfigurer will be set on the AuthenticationProvider.
      Parameters:
      authenticationProvider - the AuthenticationProvider used to validate an anonymous user. Default is AnonymousAuthenticationProvider
      Returns:
      the AnonymousConfigurer for further customization of anonymous authentication

    • authenticationFilter

      public AnonymousConfigurer<H> authenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter authenticationFilter)
      Sets the AnonymousAuthenticationFilter used to populate an anonymous user. If this is set, no attributes on the AnonymousConfigurer will be set on the AnonymousAuthenticationFilter.
      Parameters:
      authenticationFilter - the AnonymousAuthenticationFilter used to populate an anonymous user.
      Returns:
      the AnonymousConfigurer for further customization of anonymous authentication

    • init

      public void init(H http)
      Description copied from interface: SecurityConfigurer
      Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
      Specified by:
      init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

    • configure

      public void configure(H http)
      Description copied from interface: SecurityConfigurer
      Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
      Specified by:
      configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>