Class ServerHttpSecurity.FormLoginSpec
java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
- Enclosing class:
- ServerHttpSecurity
Configures Form Based authentication
- Since:
- 5.0
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionand()Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0.authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint) How to request for authentication.authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) Configures how a failed authentication is handled.authenticationManager(ReactiveAuthenticationManager authenticationManager) TheReactiveAuthenticationManagerused to authenticate.authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>> handlersConsumer) Allows customizing the list ofServerAuthenticationSuccessHandler.authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler) TheServerAuthenticationSuccessHandlerused after authentication success.protected voidconfigure(ServerHttpSecurity http) disable()Disables HTTP Basic authentication.Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.requiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher) Configures when authentication is performed.securityContextRepository(ServerSecurityContextRepository securityContextRepository) TheServerSecurityContextRepositoryused to save theAuthentication.
-
Method Details
-
authenticationManager
public ServerHttpSecurity.FormLoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager) TheReactiveAuthenticationManagerused to authenticate. Defaults toServerHttpSecurity.authenticationManager(ReactiveAuthenticationManager).- Parameters:
authenticationManager- the authentication manager to use- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring
-
authenticationSuccessHandler
public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler) TheServerAuthenticationSuccessHandlerused after authentication success. Defaults toRedirectServerAuthenticationSuccessHandler. Note that this method clears previously added success handlers viaauthenticationSuccessHandler(Consumer)- Parameters:
authenticationSuccessHandler- the success handler to use- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring
-
authenticationSuccessHandler
public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>> handlersConsumer) Allows customizing the list ofServerAuthenticationSuccessHandler. The default list contains aRedirectServerAuthenticationSuccessHandlerthat redirects to "/".- Parameters:
handlersConsumer- the handlers consumer- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring - Since:
- 6.3
-
loginPage
Configures the log in page to redirect to, the authentication failure page, and when authentication is performed. The default is that Spring Security will generate a log in page at "/login" and a log out page at "/logout". If this is customized:- The default log in & log out page are no longer provided
- The application must render a log in page at the provided URL
- The application must render an authentication error page at the provided URL + "?error"
- Authentication will occur for POST to the provided URL
- Parameters:
loginPage- the url to redirect to which provides a form to log in (i.e. "/login")- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring - See Also:
-
authenticationEntryPoint
public ServerHttpSecurity.FormLoginSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint) How to request for authentication. The default is that Spring Security will generate a log in page at "/login".- Parameters:
authenticationEntryPoint- the entry point to use- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring - See Also:
-
requiresAuthenticationMatcher
public ServerHttpSecurity.FormLoginSpec requiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher) Configures when authentication is performed. The default is a POST to "/login".- Parameters:
requiresAuthenticationMatcher- the matcher to use- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring - See Also:
-
authenticationFailureHandler
public ServerHttpSecurity.FormLoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler) Configures how a failed authentication is handled. The default is to redirect to "/login?error".- Parameters:
authenticationFailureHandler- the handler to use- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring - See Also:
-
securityContextRepository
public ServerHttpSecurity.FormLoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository) TheServerSecurityContextRepositoryused to save theAuthentication. Defaults toWebSessionServerSecurityContextRepository. For theSecurityContextto be loaded on subsequent requests theReactorContextWebFiltermust be configured to be able to load the value (they are not implicitly linked).- Parameters:
securityContextRepository- the repository to use- Returns:
- the
ServerHttpSecurity.FormLoginSpecto continue configuring
-
and
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. UseServerHttpSecurity.formLogin(Customizer)orformLogin(Customizer.withDefaults())to stick with defaults. See the documentation for more details.Allows method chaining to continue configuring theServerHttpSecurity- Returns:
- the
ServerHttpSecurityto continue configuring
-
disable
Disables HTTP Basic authentication.- Returns:
- the
ServerHttpSecurityto continue configuring
-
configure
-