Class ServerHttpSecurity.FormLoginSpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
- Enclosing class:
- ServerHttpSecurity
Configures Form Based authentication
- Since:
- 5.0
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionand()
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0.authenticationEntryPoint
(ServerAuthenticationEntryPoint authenticationEntryPoint) How to request for authentication.authenticationFailureHandler
(ServerAuthenticationFailureHandler authenticationFailureHandler) Configures how a failed authentication is handled.authenticationManager
(ReactiveAuthenticationManager authenticationManager) TheReactiveAuthenticationManager
used to authenticate.authenticationSuccessHandler
(Consumer<List<ServerAuthenticationSuccessHandler>> handlersConsumer) Allows customizing the list ofServerAuthenticationSuccessHandler
.authenticationSuccessHandler
(ServerAuthenticationSuccessHandler authenticationSuccessHandler) TheServerAuthenticationSuccessHandler
used after authentication success.protected void
configure
(ServerHttpSecurity http) disable()
Disables HTTP Basic authentication.Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.requiresAuthenticationMatcher
(ServerWebExchangeMatcher requiresAuthenticationMatcher) Configures when authentication is performed.securityContextRepository
(ServerSecurityContextRepository securityContextRepository) TheServerSecurityContextRepository
used to save theAuthentication
.
-
Method Details
-
authenticationManager
public ServerHttpSecurity.FormLoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) TheReactiveAuthenticationManager
used to authenticate. Defaults toServerHttpSecurity.authenticationManager(ReactiveAuthenticationManager)
.- Parameters:
authenticationManager
- the authentication manager to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring
-
authenticationSuccessHandler
public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler) TheServerAuthenticationSuccessHandler
used after authentication success. Defaults toRedirectServerAuthenticationSuccessHandler
. Note that this method clears previously added success handlers viaauthenticationSuccessHandler(Consumer)
- Parameters:
authenticationSuccessHandler
- the success handler to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring
-
authenticationSuccessHandler
public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>> handlersConsumer) Allows customizing the list ofServerAuthenticationSuccessHandler
. The default list contains aRedirectServerAuthenticationSuccessHandler
that redirects to "/".- Parameters:
handlersConsumer
- the handlers consumer- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - Since:
- 6.3
-
loginPage
Configures the log in page to redirect to, the authentication failure page, and when authentication is performed. The default is that Spring Security will generate a log in page at "/login" and a log out page at "/logout". If this is customized:- The default log in & log out page are no longer provided
- The application must render a log in page at the provided URL
- The application must render an authentication error page at the provided URL + "?error"
- Authentication will occur for POST to the provided URL
- Parameters:
loginPage
- the url to redirect to which provides a form to log in (i.e. "/login")- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
-
authenticationEntryPoint
public ServerHttpSecurity.FormLoginSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint) How to request for authentication. The default is that Spring Security will generate a log in page at "/login".- Parameters:
authenticationEntryPoint
- the entry point to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
-
requiresAuthenticationMatcher
public ServerHttpSecurity.FormLoginSpec requiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher) Configures when authentication is performed. The default is a POST to "/login".- Parameters:
requiresAuthenticationMatcher
- the matcher to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
-
authenticationFailureHandler
public ServerHttpSecurity.FormLoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) Configures how a failed authentication is handled. The default is to redirect to "/login?error".- Parameters:
authenticationFailureHandler
- the handler to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
-
securityContextRepository
public ServerHttpSecurity.FormLoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) TheServerSecurityContextRepository
used to save theAuthentication
. Defaults toWebSessionServerSecurityContextRepository
. For theSecurityContext
to be loaded on subsequent requests theReactorContextWebFilter
must be configured to be able to load the value (they are not implicitly linked).- Parameters:
securityContextRepository
- the repository to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring
-
and
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. UseServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.Allows method chaining to continue configuring theServerHttpSecurity
- Returns:
- the
ServerHttpSecurity
to continue configuring
-
disable
Disables HTTP Basic authentication.- Returns:
- the
ServerHttpSecurity
to continue configuring
-
configure
-