public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter> extends SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
AbstractAuthenticationFilterConfigurer. This is
intended for internal use only.FormLoginConfigurer,
OpenIDLoginConfigurer| Modifier | Constructor and Description |
|---|---|
protected |
AbstractAuthenticationFilterConfigurer(F authenticationFilter,
String defaultLoginProcessingUrl)
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
T |
authenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Specifies a custom
AuthenticationDetailsSource. |
void |
configure(B http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder. |
protected abstract org.springframework.security.web.util.matcher.RequestMatcher |
createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the
RequestMatcher given a loginProcessingUrl |
T |
defaultSuccessUrl(String defaultSuccessUrl)
Specifies where users will go after authenticating successfully if they have not
visited a secured page prior to authenticating.
|
T |
defaultSuccessUrl(String defaultSuccessUrl,
boolean alwaysUse)
Specifies where users will go after authenticating successfully if they have not
visited a secured page prior to authenticating or
alwaysUse is true. |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
T |
failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
Specifies the
AuthenticationFailureHandler to use when authentication
fails. |
T |
failureUrl(String authenticationFailureUrl)
The URL to send users if authentication fails.
|
protected F |
getAuthenticationFilter()
Gets the Authentication Filter
|
protected String |
getFailureUrl()
Gets the URL to send users to if authentication fails
|
protected String |
getLoginPage()
Gets the login page
|
protected String |
getLoginProcessingUrl()
Gets the URL to submit an authentication request to (i.e.
|
void |
init(B http)
Initialize the
SecurityBuilder. |
boolean |
isCustomLoginPage() |
protected T |
loginPage(String loginPage)
Specifies the URL to send users to if login is required.
|
T |
loginProcessingUrl(String loginProcessingUrl)
Specifies the URL to validate the credentials.
|
T |
permitAll()
Equivalent of invoking permitAll(true)
|
T |
permitAll(boolean permitAll)
Ensures the urls for
failureUrl(String) as well as for the HttpSecurityBuilder, the
getLoginPage() and getLoginProcessingUrl() are granted access to any user. |
T |
successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
Specifies the
AuthenticationSuccessHandler to be used. |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
addObjectPostProcessor, and, getBuilder, postProcess, setBuilderprotected AbstractAuthenticationFilterConfigurer(F authenticationFilter, String defaultLoginProcessingUrl)
authenticationFilter - the AbstractAuthenticationProcessingFilter to
usedefaultLoginProcessingUrl - the default URL to use for
loginProcessingUrl(String)public final T defaultSuccessUrl(String defaultSuccessUrl)
defaultSuccessUrl(String).defaultSuccessUrl - the default success urlFormLoginConfigurer for additional customizationpublic final T defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse)
alwaysUse is true. This
is a shortcut for calling successHandler(AuthenticationSuccessHandler).defaultSuccessUrl - the default success urlalwaysUse - true if the defaultSuccesUrl should be used after
authentication despite if a protected page had been previously visitedFormLoginConfigurer for additional customizationpublic T loginProcessingUrl(String loginProcessingUrl)
loginProcessingUrl - the URL to validate username and passwordFormLoginConfigurer for additional customizationprotected abstract org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
RequestMatcher given a loginProcessingUrlloginProcessingUrl - creates the RequestMatcher based upon the
loginProcessingUrlRequestMatcher to use based upon the loginProcessingUrlpublic final T authenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
AuthenticationDetailsSource. The default is
WebAuthenticationDetailsSource.authenticationDetailsSource - the custom AuthenticationDetailsSourceFormLoginConfigurer for additional customizationpublic final T successHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
AuthenticationSuccessHandler to be used. The default is
SavedRequestAwareAuthenticationSuccessHandler with no additional properites
set.successHandler - the AuthenticationSuccessHandler.FormLoginConfigurer for additional customizationpublic final T permitAll()
public final T permitAll(boolean permitAll)
failureUrl(String) as well as for the HttpSecurityBuilder, the
getLoginPage() and getLoginProcessingUrl() are granted access to any user.permitAll - true to grant access to the URLs false to skip this stepFormLoginConfigurer for additional customizationpublic final T failureUrl(String authenticationFailureUrl)
failureHandler(AuthenticationFailureHandler). The default is
"/login?error".authenticationFailureUrl - the URL to send users if authentication fails (i.e.
"/login?error").FormLoginConfigurer for additional customizationpublic final T failureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
AuthenticationFailureHandler to use when authentication
fails. The default is redirecting to "/login?error" using
SimpleUrlAuthenticationFailureHandlerauthenticationFailureHandler - the AuthenticationFailureHandler to use
when authentication fails.FormLoginConfigurer for additional customizationpublic void init(B http) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be created
and modified, but not properties on the SecurityBuilder used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses
the correct shared objects when building.init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>Exceptionpublic void configure(B http) throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties on the
SecurityBuilder.configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>Exceptionprotected T loginPage(String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter a default login page will be generated when
this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter, users are required to process the specified
URL to generate a login page.
public final boolean isCustomLoginPage()
protected final F getAuthenticationFilter()
protected final String getLoginPage()
protected final String getLoginProcessingUrl()
protected final String getFailureUrl()
public B disable()
AbstractHttpConfigurer by removing it. After doing so a fresh
version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)