public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,org.springframework.security.openid.OpenIDAuthenticationFilter>
@Configuration
@EnableWebSecurity
public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and()
.openidLogin()
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth)(
AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
.password("password")
.roles("USER");
}
}
OpenIDAuthenticationFilterAuthenticationEntryPoint
is populated with a LoginUrlAuthenticationEntryPointOpenIDAuthenticationProvider is populated into
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
AuthenticationManagerRememberMeServices - is optionally used. See
RememberMeConfigurerSessionAuthenticationStrategy - is optionally used. See
SessionManagementConfigurer| Modifier and Type | Class and Description |
|---|---|
class |
OpenIDLoginConfigurer.AttributeExchangeConfigurer
A class used to add OpenID attributes to look up
|
| Constructor and Description |
|---|
OpenIDLoginConfigurer()
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
OpenIDLoginConfigurer.AttributeExchangeConfigurer |
attributeExchange(String identifierPattern)
Sets up OpenID attribute exchange for OpenID's matching the specified
pattern.
|
OpenIDLoginConfigurer<H> |
authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.openid.OpenIDAuthenticationToken> authenticationUserDetailsService)
The
AuthenticationUserDetailsService to use. |
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties
on the SecurityBuilder. |
OpenIDLoginConfigurer<H> |
consumer(org.springframework.security.openid.OpenIDConsumer consumer)
Allows specifying the
OpenIDConsumer to be used. |
OpenIDLoginConfigurer<H> |
consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
Allows specifying the
ConsumerManager to be used. |
protected org.springframework.security.web.util.matcher.RequestMatcher |
createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the
RequestMatcher given a loginProcessingUrl |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the
SecurityBuilder. |
OpenIDLoginConfigurer<H> |
loginPage(String loginPage)
Specifies the URL to send users to if login is required.
|
OpenIDLoginConfigurer<H> |
loginProcessingUrl(String loginProcessingUrl)
Specifies the URL used to authenticate OpenID requests.
|
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, successHandleraddObjectPostProcessor, and, getBuilder, postProcess, setBuilderpublic OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(String identifierPattern)
identifierPattern - the regular expression for matching on OpenID's (i.e.
"https://www.google.com/.*", ".*yahoo.com.*", etc)OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customizations of the attribute exchangepublic OpenIDLoginConfigurer<H> consumer(org.springframework.security.openid.OpenIDConsumer consumer)
OpenIDConsumer to be used. The default is
using an OpenID4JavaConsumer.consumer - the OpenIDConsumer to be usedOpenIDLoginConfigurer for further customizationspublic OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
ConsumerManager to be used. If specified,
will be populated into an OpenID4JavaConsumer.
This is a shortcut for specifying the OpenID4JavaConsumer with a
specific ConsumerManager on consumer(OpenIDConsumer).
consumerManager - the ConsumerManager to use. Cannot be null.OpenIDLoginConfigurer for further customizationspublic OpenIDLoginConfigurer<H> authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.openid.OpenIDAuthenticationToken> authenticationUserDetailsService)
AuthenticationUserDetailsService to use. By default a
UserDetailsByNameServiceWrapper is used with the
UserDetailsService shared object found with
AbstractConfiguredSecurityBuilder.getSharedObject(Class).authenticationUserDetailsService - the AuthenticationDetailsSource to useOpenIDLoginConfigurer for further customizationspublic OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)
HttpServletRequest
matches this URL the OpenIDAuthenticationFilter will attempt to
authenticate the request. The default is "/login/openid".loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>loginUrl - the URL used to perform authenticationOpenIDLoginConfigurer for additional customizationpublic OpenIDLoginConfigurer<H> loginPage(String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter a default login page will be
generated when this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter, users are required to process the
specified URL to generate a login page.
loginProcessingUrl(String)OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELDloginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>loginPage - the login page to redirect to if authentication is required (i.e. "/login")FormLoginConfigurer for additional customizationpublic void init(H http) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared
objects when building.init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>Exceptionpublic void configure(H http) throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties
on the SecurityBuilder.configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>configure in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>Exceptionprotected org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
AbstractAuthenticationFilterConfigurerRequestMatcher given a loginProcessingUrlcreateLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrlRequestMatcher to use based upon the loginProcessingUrlpublic B disable()
AbstractHttpConfigurer by removing it. After doing
so a fresh version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)