public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,org.springframework.security.openid.OpenIDAuthenticationFilter>
@Configuration
@EnableWebSecurity
public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and()
.openidLogin()
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth)(
AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
.password("password")
.roles("USER");
}
}
OpenIDAuthenticationFilterAuthenticationEntryPoint is populated with a
LoginUrlAuthenticationEntryPointOpenIDAuthenticationProvider is populated into
HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
AuthenticationManagerRememberMeServices - is optionally used. See RememberMeConfigurer
SessionAuthenticationStrategy - is optionally used. See
SessionManagementConfigurer| Modifier and Type | Class and Description |
|---|---|
class |
OpenIDLoginConfigurer.AttributeExchangeConfigurer
A class used to add OpenID attributes to look up
|
| Constructor and Description |
|---|
OpenIDLoginConfigurer()
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
OpenIDLoginConfigurer.AttributeExchangeConfigurer |
attributeExchange(String identifierPattern)
Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
|
OpenIDLoginConfigurer<H> |
authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.openid.OpenIDAuthenticationToken> authenticationUserDetailsService)
The
AuthenticationUserDetailsService to use. |
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder. |
OpenIDLoginConfigurer<H> |
consumer(org.springframework.security.openid.OpenIDConsumer consumer)
Allows specifying the
OpenIDConsumer to be used. |
OpenIDLoginConfigurer<H> |
consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
Allows specifying the
ConsumerManager to be used. |
protected org.springframework.security.web.util.matcher.RequestMatcher |
createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the
RequestMatcher given a loginProcessingUrl |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the
SecurityBuilder. |
OpenIDLoginConfigurer<H> |
loginPage(String loginPage)
Specifies the URL to send users to if login is required.
|
OpenIDLoginConfigurer<H> |
loginProcessingUrl(String loginProcessingUrl)
Specifies the URL used to authenticate OpenID requests.
|
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, successHandleraddObjectPostProcessor, and, getBuilder, postProcess, setBuilderpublic OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(String identifierPattern)
identifierPattern - the regular expression for matching on OpenID's (i.e.
"https://www.google.com/.*", ".*yahoo.com.*", etc)OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customizations of the
attribute exchangepublic OpenIDLoginConfigurer<H> consumer(org.springframework.security.openid.OpenIDConsumer consumer)
OpenIDConsumer to be used. The default is using an
OpenID4JavaConsumer.consumer - the OpenIDConsumer to be usedOpenIDLoginConfigurer for further customizationspublic OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
ConsumerManager to be used. If specified, will be
populated into an OpenID4JavaConsumer.
This is a shortcut for specifying the OpenID4JavaConsumer with a specific
ConsumerManager on consumer(OpenIDConsumer).
consumerManager - the ConsumerManager to use. Cannot be null.OpenIDLoginConfigurer for further customizationspublic OpenIDLoginConfigurer<H> authenticationUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService<org.springframework.security.openid.OpenIDAuthenticationToken> authenticationUserDetailsService)
AuthenticationUserDetailsService to use. By default a
UserDetailsByNameServiceWrapper is used with the UserDetailsService
shared object found with AbstractConfiguredSecurityBuilder.getSharedObject(Class).authenticationUserDetailsService - the AuthenticationDetailsSource to
useOpenIDLoginConfigurer for further customizationspublic OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)
HttpServletRequest matches this URL the OpenIDAuthenticationFilter
will attempt to authenticate the request. The default is "/login/openid".loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>loginProcessingUrl - the URL used to perform authenticationOpenIDLoginConfigurer for additional customizationpublic OpenIDLoginConfigurer<H> loginPage(String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter a default login page will be generated when
this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter, users are required to process the specified
URL to generate a login page.
loginProcessingUrl(String)OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELDloginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>loginPage - the login page to redirect to if authentication is required (i.e.
"/login")FormLoginConfigurer for additional customizationpublic void init(H http) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be created
and modified, but not properties on the SecurityBuilder used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses
the correct shared objects when building.init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>Exceptionpublic void configure(H http) throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties on the
SecurityBuilder.configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>configure in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>Exceptionprotected org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
AbstractAuthenticationFilterConfigurerRequestMatcher given a loginProcessingUrlcreateLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.openid.OpenIDAuthenticationFilter>loginProcessingUrl - creates the RequestMatcher based upon the
loginProcessingUrlRequestMatcher to use based upon the loginProcessingUrlpublic B disable()
AbstractHttpConfigurer by removing it. After doing so a fresh
version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)