Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configuration
Class WebSecurityConfigurerAdapter

java.lang.Object
  extended by org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
All Implemented Interfaces:
SecurityConfigurer<javax.servlet.Filter,WebSecurity>
public abstract class WebSecurityConfigurerAdapter
extends Object
implements SecurityConfigurer<javax.servlet.Filter,WebSecurity>

Provides a convenient base class for creating a WebSecurityConfigurer instance. The implementation allows customization by overriding methods.

See Also:
EnableWebSecurity

Constructor Summary
protected WebSecurityConfigurerAdapter()
          Creates an instance with the default configuration enabled.
protected WebSecurityConfigurerAdapter(boolean disableDefaults)
          Creates an instance which allows specifying if the default configuration should be enabled.
 
Method Summary
protected  AuthenticationManager authenticationManager()
          Gets the AuthenticationManager to use.
 AuthenticationManager authenticationManagerBean()
          Override this method to expose the AuthenticationManager from registerAuthentication(AuthenticationManagerBuilder) to be exposed as a Bean.
protected  void configure(HttpSecurity http)
          Override this method to configure the HttpSecurity.
 void configure(WebSecurity web)
          Override this method to configure WebSecurity.
protected  HttpSecurity getHttp()
          Creates the HttpSecurity or returns the current instance
 void init(WebSecurity web)
          Initialize the SecurityBuilder.
protected  void registerAuthentication(AuthenticationManagerBuilder auth)
          Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager.
 void setApplicationContext(ApplicationContext context)
           
 void setContentNegotationStrategy(org.springframework.web.accept.ContentNegotiationStrategy contentNegotiationStrategy)
           
 void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)
           
protected  UserDetailsService userDetailsService()
          Allows modifying and accessing the UserDetailsService from userDetailsServiceBean()() without interacting with the ApplicationContext.
 UserDetailsService userDetailsServiceBean()
          Override this method to expose a UserDetailsService created from registerAuthentication(AuthenticationManagerBuilder) as a bean.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

WebSecurityConfigurerAdapter

protected WebSecurityConfigurerAdapter()
Creates an instance with the default configuration enabled.

WebSecurityConfigurerAdapter

protected WebSecurityConfigurerAdapter(boolean disableDefaults)
Creates an instance which allows specifying if the default configuration should be enabled. Disabling the default configuration should be considered more advanced usage as it requires more understanding of how the framework is implemented.

Parameters:
disableDefaults - true if the default configuration should be enabled, else false
Method Detail

registerAuthentication

protected void registerAuthentication(AuthenticationManagerBuilder auth)
                               throws Exception
Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager. If overridden, the AuthenticationManagerBuilder should be used to specify the AuthenticationManager. The resulting AuthenticationManager will be exposed as a Bean as will the last populated UserDetailsService that is created with the AuthenticationManagerBuilder. The UserDetailsService will also automatically be populated on AbstractConfiguredSecurityBuilder.getSharedObject(Class) for use with other SecurityContextConfigurer (i.e. RememberMeConfigurer )

For example, the following configuration could be used to register in memory authentication that exposes an in memory UserDetailsService:

 @Override
 protected void registerAuthentication(AuthenticationManagerBuilder auth) {
     auth
         // enable in memory based authentication with a user named "user" and "admin"
         .inMemoryAuthentication()
             .withUser("user").password("password").roles("USER").and()
             .withUser("admin").password("password").roles("USER", "ADMIN");
 }

Parameters:
auth - the AuthenticationManagerBuilder to use
Throws:
Exception

getHttp

protected final HttpSecurity getHttp()
                              throws Exception
Creates the HttpSecurity or returns the current instance

Returns:
the HttpSecurity
Throws:
Exception

authenticationManagerBean

public AuthenticationManager authenticationManagerBean()
                                                throws Exception
Override this method to expose the AuthenticationManager from registerAuthentication(AuthenticationManagerBuilder) to be exposed as a Bean. For example: 
 @Bean(name name="myAuthenticationManager")
 @Override
 public AuthenticationManager authenticationManagerBean() throws Exception {
     return super.authenticationManagerBean();
 }

Returns:
the AuthenticationManager
Throws:
Exception

authenticationManager

protected AuthenticationManager authenticationManager()
                                               throws Exception
Gets the AuthenticationManager to use. The default strategy is if registerAuthentication(AuthenticationManagerBuilder) method is overridden to use the AuthenticationManagerBuilder that was passed in. Otherwise, autowire the AuthenticationManager by type.

Returns:
Throws:
Exception

userDetailsServiceBean

public UserDetailsService userDetailsServiceBean()
                                          throws Exception
Override this method to expose a UserDetailsService created from registerAuthentication(AuthenticationManagerBuilder) as a bean. In general only the following override should be done of this method: 
 @Bean(name = "myUserDetailsService") // any or no name specified is allowed
 @Override
 public UserDetailsService userDetailsServiceBean() throws Exception {
     return super.userDetailsServiceBean();
 }
To change the instance returned, developers should change userDetailsService() instead

Returns:
Throws:
Exception
See Also:
#userDetailsService()}

userDetailsService

protected UserDetailsService userDetailsService()
Allows modifying and accessing the UserDetailsService from userDetailsServiceBean()() without interacting with the ApplicationContext. Developers should override this method when changing the instance of userDetailsServiceBean().

Returns:

init

public void init(WebSecurity web)
          throws Exception
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:
init in interface SecurityConfigurer<javax.servlet.Filter,WebSecurity>
Throws:
Exception

configure

public void configure(WebSecurity web)
               throws Exception
Override this method to configure WebSecurity. For example, if you wish to ignore certain requests.

Specified by:
configure in interface SecurityConfigurer<javax.servlet.Filter,WebSecurity>
Throws:
Exception

configure

protected void configure(HttpSecurity http)
                  throws Exception
Override this method to configure the HttpSecurity. Typically subclasses should not invoke this method by calling super as it may override their configuration. The default configuration is: 
 http
     .authorizeRequests()
         .anyRequest().authenticated().and()
     .formLogin().and()
     .httpBasic();

Parameters:
http - the HttpSecurity to modify
Throws:
Exception - if an error occurs

setApplicationContext

@Autowired
public void setApplicationContext(ApplicationContext context)

setContentNegotationStrategy

@Autowired(required=false)
public void setContentNegotationStrategy(org.springframework.web.accept.ContentNegotiationStrategy contentNegotiationStrategy)

setObjectPostProcessor

@Autowired(required=false)
public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD