@Order(value=100) public abstract class WebSecurityConfigurerAdapter extends Object implements WebSecurityConfigurer<WebSecurity>
WebSecurityConfigurer instance.
The implementation allows customization by overriding methods.EnableWebSecurity| Modifier | Constructor and Description |
|---|---|
protected |
WebSecurityConfigurerAdapter()
Creates an instance with the default configuration enabled.
|
protected |
WebSecurityConfigurerAdapter(boolean disableDefaults)
Creates an instance which allows specifying if the default configuration should be
enabled.
|
| Modifier and Type | Method and Description |
|---|---|
protected org.springframework.security.authentication.AuthenticationManager |
authenticationManager()
Gets the
AuthenticationManager to use. |
org.springframework.security.authentication.AuthenticationManager |
authenticationManagerBean()
Override this method to expose the
AuthenticationManager from
configure(AuthenticationManagerBuilder) to be exposed as a Bean. |
protected void |
configure(AuthenticationManagerBuilder auth)
Used by the default implementation of
authenticationManager() to attempt
to obtain an AuthenticationManager. |
protected void |
configure(HttpSecurity http)
Override this method to configure the
HttpSecurity. |
void |
configure(WebSecurity web)
Override this method to configure
WebSecurity. |
protected HttpSecurity |
getHttp()
Creates the
HttpSecurity or returns the current instance
] * @return the HttpSecurity |
void |
init(WebSecurity web)
Initialize the
SecurityBuilder. |
void |
setApplicationContext(ApplicationContext context) |
void |
setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) |
void |
setContentNegotationStrategy(ContentNegotiationStrategy contentNegotiationStrategy) |
void |
setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) |
void |
setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver) |
protected org.springframework.security.core.userdetails.UserDetailsService |
userDetailsService()
Allows modifying and accessing the
UserDetailsService from
userDetailsServiceBean() without interacting with the
ApplicationContext. |
org.springframework.security.core.userdetails.UserDetailsService |
userDetailsServiceBean()
Override this method to expose a
UserDetailsService created from
configure(AuthenticationManagerBuilder) as a bean. |
protected WebSecurityConfigurerAdapter()
protected WebSecurityConfigurerAdapter(boolean disableDefaults)
disableDefaults - true if the default configuration should be enabled, else
falseprotected void configure(AuthenticationManagerBuilder auth) throws Exception
authenticationManager() to attempt
to obtain an AuthenticationManager. If overridden, the
AuthenticationManagerBuilder should be used to specify the
AuthenticationManager.
The authenticationManagerBean() method can be used to expose the resulting
AuthenticationManager as a Bean. The userDetailsServiceBean() can
be used to expose the last populated UserDetailsService that is created
with the AuthenticationManagerBuilder as a Bean. The
UserDetailsService will also automatically be populated on
AbstractConfiguredSecurityBuilder.getSharedObject(Class) for use with other
SecurityContextConfigurer (i.e. RememberMeConfigurer )
For example, the following configuration could be used to register in memory
authentication that exposes an in memory UserDetailsService:
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth
// enable in memory based authentication with a user named
// "user" and "admin"
.inMemoryAuthentication().withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
// Expose the UserDetailsService as a Bean
@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
auth - the AuthenticationManagerBuilder to useExceptionprotected final HttpSecurity getHttp() throws Exception
HttpSecurity or returns the current instance
] * @return the HttpSecurityExceptionpublic org.springframework.security.authentication.AuthenticationManager authenticationManagerBean()
throws Exception
AuthenticationManager from
configure(AuthenticationManagerBuilder) to be exposed as a Bean. For
example:
@Bean(name name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
AuthenticationManagerExceptionprotected org.springframework.security.authentication.AuthenticationManager authenticationManager()
throws Exception
AuthenticationManager to use. The default strategy is if
configure(AuthenticationManagerBuilder) method is overridden to use the
AuthenticationManagerBuilder that was passed in. Otherwise, autowire the
AuthenticationManager by type.Exceptionpublic org.springframework.security.core.userdetails.UserDetailsService userDetailsServiceBean()
throws Exception
UserDetailsService created from
configure(AuthenticationManagerBuilder) as a bean. In general only the
following override should be done of this method:
@Bean(name = "myUserDetailsService")
// any or no name specified is allowed
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
To change the instance returned, developers should change
userDetailsService() insteadExceptionuserDetailsService()protected org.springframework.security.core.userdetails.UserDetailsService userDetailsService()
UserDetailsService from
userDetailsServiceBean() without interacting with the
ApplicationContext. Developers should override this method when changing
the instance of userDetailsServiceBean().public void init(WebSecurity web) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be created
and modified, but not properties on the SecurityBuilder used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses
the correct shared objects when building.init in interface SecurityConfigurer<javax.servlet.Filter,WebSecurity>Exceptionpublic void configure(WebSecurity web) throws Exception
WebSecurity. For example, if you wish to
ignore certain requests.configure in interface SecurityConfigurer<javax.servlet.Filter,WebSecurity>Exceptionprotected void configure(HttpSecurity http) throws Exception
HttpSecurity. Typically subclasses
should not invoke this method by calling super as it may override their
configuration. The default configuration is:
http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic();
http - the HttpSecurity to modifyException - if an error occurs@Autowired public void setApplicationContext(ApplicationContext context)
@Autowired(required=false) public void setTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
@Autowired(required=false) public void setContentNegotationStrategy(ContentNegotiationStrategy contentNegotiationStrategy)
@Autowired public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)
@Autowired public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration)