public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
J2eePreAuthenticatedProcessingFilterAuthenticationEntryPoint is populated with an
Http403ForbiddenEntryPointPreAuthenticatedAuthenticationProvider is populated into
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
AuthenticationManager| Constructor and Description |
|---|
JeeConfigurer()
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
JeeConfigurer<H> |
authenticatedUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken> authenticatedUserDetailsService)
Specifies the
AuthenticationUserDetailsService that is used with the
PreAuthenticatedAuthenticationProvider. |
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder. |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
void |
init(H http)
Populates a
PreAuthenticatedAuthenticationProvider into
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
and a Http403ForbiddenEntryPoint into
HttpSecurityBuilder.setSharedObject(Class, Object) |
JeeConfigurer<H> |
j2eePreAuthenticatedProcessingFilter(org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter)
Allows specifying the
J2eePreAuthenticatedProcessingFilter to use. |
JeeConfigurer<H> |
mappableAuthorities(Set<String> mappableRoles)
Specifies roles to use map from the
HttpServletRequest to the
UserDetails. |
JeeConfigurer<H> |
mappableAuthorities(String... mappableRoles)
Specifies roles to use map from the
HttpServletRequest to the
UserDetails. |
JeeConfigurer<H> |
mappableRoles(String... mappableRoles)
Specifies roles to use map from the
HttpServletRequest to the
UserDetails and automatically prefixes it with "ROLE_". |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
addObjectPostProcessor, and, getBuilder, postProcess, setBuilderpublic JeeConfigurer()
HttpSecurity.jee()public JeeConfigurer<H> mappableAuthorities(String... mappableRoles)
HttpServletRequest to the
UserDetails. If HttpServletRequest.isUserInRole(String) returns
true, the role is added to the UserDetails. This method is the equivalent
of invoking mappableAuthorities(Set). Multiple invocations of
mappableAuthorities(String...) will override previous invocations.
There are no default roles that are mapped.
mappableRoles - the roles to attempt to map to the UserDetails (i.e.
"ROLE_USER", "ROLE_ADMIN", etc).JeeConfigurer for further customizationsSimpleMappableAttributesRetriever,
mappableRoles(String...)public JeeConfigurer<H> mappableRoles(String... mappableRoles)
HttpServletRequest to the
UserDetails and automatically prefixes it with "ROLE_". If
HttpServletRequest.isUserInRole(String) returns true, the role is added to
the UserDetails. This method is the equivalent of invoking
mappableAuthorities(Set). Multiple invocations of
mappableRoles(String...) will override previous invocations.
There are no default roles that are mapped.
mappableRoles - the roles to attempt to map to the UserDetails (i.e.
"USER", "ADMIN", etc).JeeConfigurer for further customizationsSimpleMappableAttributesRetriever,
mappableAuthorities(String...)public JeeConfigurer<H> mappableAuthorities(Set<String> mappableRoles)
HttpServletRequest to the
UserDetails. If HttpServletRequest.isUserInRole(String) returns
true, the role is added to the UserDetails. This is the equivalent of
mappableRoles(String...). Multiple invocations of
mappableAuthorities(Set) will override previous invocations.
There are no default roles that are mapped.
mappableRoles - the roles to attempt to map to the UserDetails.JeeConfigurer for further customizationsSimpleMappableAttributesRetrieverpublic JeeConfigurer<H> authenticatedUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken> authenticatedUserDetailsService)
AuthenticationUserDetailsService that is used with the
PreAuthenticatedAuthenticationProvider. The default is a
PreAuthenticatedGrantedAuthoritiesUserDetailsService.authenticatedUserDetailsService - the AuthenticationUserDetailsService
to use.JeeConfigurer for further configurationpublic JeeConfigurer<H> j2eePreAuthenticatedProcessingFilter(org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter)
J2eePreAuthenticatedProcessingFilter to use. If
J2eePreAuthenticatedProcessingFilter is provided, all of its attributes
must also be configured manually (i.e. all attributes populated in the
JeeConfigurer are not used).j2eePreAuthenticatedProcessingFilter - the
J2eePreAuthenticatedProcessingFilter to use.JeeConfigurer for further configurationpublic void init(H http) throws Exception
PreAuthenticatedAuthenticationProvider into
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
and a Http403ForbiddenEntryPoint into
HttpSecurityBuilder.setSharedObject(Class, Object)init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>ExceptionSecurityConfigurerAdapter.init(org.springframework.security.config.annotation.SecurityBuilder)public void configure(H http) throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties on the
SecurityBuilder.configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>Exceptionpublic B disable()
AbstractHttpConfigurer by removing it. After doing so a fresh
version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)