OpenIDLoginConfigurer (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers.openid
Class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>
          org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer<H>

All Implemented Interfaces:: SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>
extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>

Adds support for OpenID based authentication.

Example Configuration


 @Configuration
 @EnableWebSecurity
 public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) {
                http
                        .authorizeRequests()
                                .antMatchers("/**").hasRole("USER")
                                .and()
                        .openidLogin()
                                .permitAll();
        }

        @Override
        protected void registerAuthentication(
                        AuthenticationManagerBuilder auth) throws Exception {
                auth
                        .inMemoryAuthentication()
                                .withUser("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
                                        .password("password")
                                        .roles("USER");
        }
 }

Security Filters

The following Filters are populated

OpenIDAuthenticationFilter

Shared Objects Created

AuthenticationEntryPoint is populated with a LoginUrlAuthenticationEntryPoint
A OpenIDAuthenticationProvider is populated into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)

Shared Objects Used

The following shared objects are used:

AuthenticationManager
RememberMeServices - is optionally used. See RememberMeConfigurer
SessionAuthenticationStrategy - is optionally used. See SessionManagementConfigurer

Since:: 3.2

Nested Class Summary
`class`	`OpenIDLoginConfigurer.AttributeExchangeConfigurer` A class used to add OpenID attributes to look up

Constructor Summary
`OpenIDLoginConfigurer()` Creates a new instance

Method Summary
`OpenIDLoginConfigurer.AttributeExchangeConfigurer`	`attributeExchange(String identifierPattern)` Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
`OpenIDLoginConfigurer<H>`	`authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService)` The `AuthenticationUserDetailsService` to use.
`void`	`configure(H http)` Configure the `SecurityBuilder` by setting the necessary properties on the `SecurityBuilder`.
`OpenIDLoginConfigurer<H>`	`consumer(OpenIDConsumer consumer)` Allows specifying the `OpenIDConsumer` to be used.
`OpenIDLoginConfigurer<H>`	`consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)` Allows specifying the `ConsumerManager` to be used.
`protected RequestMatcher`	`createLoginProcessingUrlMatcher(String loginProcessingUrl)` Create the `RequestMatcher` given a loginProcessingUrl
`B`	`disable()` Disables the `AbstractHttpConfigurer` by removing it.
`void`	`init(H http)` Initialize the `SecurityBuilder`.
`OpenIDLoginConfigurer<H>`	`loginPage(String loginPage)` Specifies the URL to send users to if login is required.
`OpenIDLoginConfigurer<H>`	`loginProcessingUrl(String loginProcessingUrl)` Specifies the URL used to authenticate OpenID requests.
`T`	`withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)`

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
`authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, successHandler`

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
`addObjectPostProcessor, and, getBuilder, postProcess, setBuilder`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

OpenIDLoginConfigurer

public OpenIDLoginConfigurer()

Creates a new instance

Method Detail

attributeExchange

public OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(String identifierPattern)

Sets up OpenID attribute exchange for OpenID's matching the specified pattern.

Parameters:: identifierPattern - the regular expression for matching on OpenID's (i.e. "https://www.google.com/.*", ".*yahoo.com.*", etc)
Returns:: a OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customizations of the attribute exchange

consumer

public OpenIDLoginConfigurer<H> consumer(OpenIDConsumer consumer)

Allows specifying the OpenIDConsumer to be used. The default is using an OpenID4JavaConsumer.

Parameters:: consumer - the OpenIDConsumer to be used
Returns:: the OpenIDLoginConfigurer for further customizations

consumerManager

public OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)

Allows specifying the ConsumerManager to be used. If specified, will be populated into an OpenID4JavaConsumer.

This is a shortcut for specifying the OpenID4JavaConsumer with a specific ConsumerManager on consumer(OpenIDConsumer).

Parameters:: consumerManager - the ConsumerManager to use. Cannot be null.
Returns:: the OpenIDLoginConfigurer for further customizations

authenticationUserDetailsService

public OpenIDLoginConfigurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService)

The AuthenticationUserDetailsService to use. By default a UserDetailsByNameServiceWrapper is used with the UserDetailsService shared object found with AbstractConfiguredSecurityBuilder.getSharedObject(Class).

Parameters:: authenticationUserDetailsService - the AuthenticationDetailsSource to use
Returns:: the OpenIDLoginConfigurer for further customizations

loginProcessingUrl

public OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)

Specifies the URL used to authenticate OpenID requests. If the HttpServletRequest matches this URL the OpenIDAuthenticationFilter will attempt to authenticate the request. The default is "/login/openid".

Overrides:: loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>

Parameters:: loginUrl - the URL used to perform authentication
Returns:: the OpenIDLoginConfigurer for additional customization

loginPage

public OpenIDLoginConfigurer<H> loginPage(String loginPage)

Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjuction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.

It must be an HTTP POST
It must be submitted to loginProcessingUrl(String)
It should include the OpenID as an HTTP parameter by the name of OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD

Impact on other defaults

Updating this value, also impacts a number of other default values. For example, the following are the default values when only formLogin() was specified.

/login GET - the login form
/login POST - process the credentials and if valid authenticate the user
/login?error GET - redirect here for failed authentication attempts
/login?logout GET - redirect here after successfully logging out

If "/authenticate" was passed to this method it update the defaults as shown below:

/authenticate GET - the login form
/authenticate POST - process the credentials and if valid authenticate the user
/authenticate?error GET - redirect here for failed authentication attempts
/authenticate?logout GET - redirect here after successfully logging out

Overrides:: loginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>

Parameters:: loginPage - the login page to redirect to if authentication is required (i.e. "/login")
Returns:: the FormLoginConfigurer for additional customization

init

public void init(H http)
          throws Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:: init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:: init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>

Throws:: Exception

configure

public void configure(H http)
               throws Exception