|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B> org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<H,FormLoginConfigurer<H>,UsernamePasswordAuthenticationFilter> org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer<H>
public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>>
Adds form based authentication. All attributes have reasonable defaults
making all parameters are optional. If no loginPage(String)
is
specified, a default login page will be generated by the framework.
AuthenticationManager
RememberMeServices
- is optionally used. See RememberMeConfigurer
SessionAuthenticationStrategy
- is optionally used. See SessionManagementConfigurer
DefaultLoginPageViewFilter
- if present will be populated with information from the configuration
Constructor Summary | |
---|---|
FormLoginConfigurer()
Creates a new instance |
Method Summary | |
---|---|
protected RequestMatcher |
createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the RequestMatcher given a loginProcessingUrl |
B |
disable()
Disables the AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the SecurityBuilder . |
FormLoginConfigurer<H> |
loginPage(String loginPage)
Specifies the URL to send users to if login is required. |
FormLoginConfigurer<H> |
passwordParameter(String passwordParameter)
The HTTP parameter to look for the password when performing authentication. |
FormLoginConfigurer<H> |
usernameParameter(String usernameParameter)
The HTTP parameter to look for the username when performing authentication. |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
|
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer |
---|
authenticationDetailsSource, configure, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, loginProcessingUrl, permitAll, permitAll, successHandler |
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter |
---|
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public FormLoginConfigurer()
HttpSecurity.formLogin()
Method Detail |
---|
public FormLoginConfigurer<H> loginPage(String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter
a default login page will be
generated when this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter
, users are required to process the
specified URL to generate a login page. In general, the login page should
create a form that submits a request with the following requirements to
work with UsernamePasswordAuthenticationFilter
:
AbstractAuthenticationFilterConfigurer.loginProcessingUrl(String)
usernameParameter(String)
passwordParameter(String)
<c:url value="/login" var="loginProcessingUrl"/> <form action="${loginProcessingUrl}" method="post"> <fieldset> <legend>Please Login</legend> <!-- use param.error assuming FormLoginConfigurer#failureUrl contains the query parameter error --> <c:if test="${param.error != null}"> <div> Failed to login. <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}"> Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" /> </c:if> </div> </c:if> <!-- the configured LogoutConfigurer#logoutSuccessUrl is /login?logout and contains the query param logout --> <c:if test="${param.logout != null}"> <div> You have been logged out. </div> </c:if> <p> <label for="username">Username</label> <input type="text" id="username" name="username"/> </p> <p> <label for="password">Password</label> <input type="password" id="password" name="password"/> </p> <!-- if using RememberMeConfigurer make sure remember-me matches RememberMeConfigurer#rememberMeParameter --> <p> <label for="remember-me">Remember Me?</label> <input type="checkbox" id="remember-me" name="remember-me"/> </p> <div> <button type="submit" class="btn">Log in</button> </div> </fieldset> </form>
loginPage
in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,UsernamePasswordAuthenticationFilter>
loginPage
- the login page to redirect to if authentication is required
(i.e. "/login")
FormLoginConfigurer
for additional customizationpublic FormLoginConfigurer<H> usernameParameter(String usernameParameter)
usernameParameter
- the HTTP parameter to look for the username when performing
authentication
FormLoginConfigurer
for additional customizationpublic FormLoginConfigurer<H> passwordParameter(String passwordParameter)
passwordParameter
- the HTTP parameter to look for the password when performing
authentication
FormLoginConfigurer
for additional customizationpublic void init(H http) throws Exception
SecurityConfigurer
SecurityBuilder
. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared
objects when building.
init
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
init
in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,UsernamePasswordAuthenticationFilter>
Exception
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
AbstractAuthenticationFilterConfigurer
RequestMatcher
given a loginProcessingUrl
createLoginProcessingUrlMatcher
in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,UsernamePasswordAuthenticationFilter>
loginProcessingUrl
- creates the RequestMatcher
based upon the loginProcessingUrl
RequestMatcher
to use based upon the loginProcessingUrlpublic B disable()
AbstractHttpConfigurer
by removing it. After doing
so a fresh version of the configuration can be applied.
HttpSecurityBuilder
for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |