|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
public abstract class WebSecurityConfigurerAdapter
Provides a convenient base class for creating a WebSecurityConfigurer
instance. The implementation allows customization by overriding methods.
EnableWebSecurity
Constructor Summary | |
---|---|
protected |
WebSecurityConfigurerAdapter()
Creates an instance with the default configuration enabled. |
protected |
WebSecurityConfigurerAdapter(boolean disableDefaults)
Creates an instance which allows specifying if the default configuration should be enabled. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
protected WebSecurityConfigurerAdapter()
protected WebSecurityConfigurerAdapter(boolean disableDefaults)
disableDefaults
- true if the default configuration should be enabled, else
falseMethod Detail |
---|
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception
authenticationManager()
to attempt to obtain an
AuthenticationManager
. If overridden, the AuthenticationManagerBuilder
should be used to specify
the AuthenticationManager
. The resulting AuthenticationManager
will be exposed as a Bean as will the last populated UserDetailsService
that is created with the
AuthenticationManagerBuilder
. The UserDetailsService
will also automatically be populated on
AbstractConfiguredSecurityBuilder.getSharedObject(Class)
for use with other SecurityContextConfigurer
(i.e. RememberMeConfigurer )
For example, the following configuration could be used to register
in memory authentication that exposes an in memory UserDetailsService
:
@Override protected void registerAuthentication(AuthenticationManagerBuilder auth) { auth // enable in memory based authentication with a user named "user" and "admin" .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
auth
- the AuthenticationManagerBuilder
to use
Exception
protected final HttpSecurity getHttp() throws Exception
HttpSecurity
or returns the current instance
HttpSecurity
Exception
public AuthenticationManager authenticationManagerBean() throws Exception
AuthenticationManager
from
registerAuthentication(AuthenticationManagerBuilder)
to be exposed as
a Bean. For example:
@Bean(name name="myAuthenticationManager") @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }
AuthenticationManager
Exception
protected AuthenticationManager authenticationManager() throws Exception
AuthenticationManager
to use. The default strategy is if
registerAuthentication(AuthenticationManagerBuilder)
method is
overridden to use the AuthenticationManagerBuilder
that was passed in.
Otherwise, autowire the AuthenticationManager
by type.
Exception
public UserDetailsService userDetailsServiceBean() throws Exception
UserDetailsService
created from
registerAuthentication(AuthenticationManagerBuilder)
as a bean. In
general only the following override should be done of this method:
@Bean(name = "myUserDetailsService") // any or no name specified is allowed @Override public UserDetailsService userDetailsServiceBean() throws Exception { return super.userDetailsServiceBean(); }To change the instance returned, developers should change
userDetailsService()
instead
Exception
#userDetailsService()}
protected UserDetailsService userDetailsService()
UserDetailsService
from
userDetailsServiceBean()()
without interacting with the
ApplicationContext
. Developers should override this method when
changing the instance of userDetailsServiceBean()
.
public void init(WebSecurity web) throws Exception
SecurityConfigurer
SecurityBuilder
. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared
objects when building.
init
in interface SecurityConfigurer<javax.servlet.Filter,WebSecurity>
Exception
public void configure(WebSecurity web) throws Exception
WebSecurity
. For
example, if you wish to ignore certain requests.
configure
in interface SecurityConfigurer<javax.servlet.Filter,WebSecurity>
Exception
protected void configure(HttpSecurity http) throws Exception
HttpSecurity
.
Typically subclasses should not invoke this method by calling super
as it may override their configuration. The default configuration is:
http .authorizeRequests() .anyRequest().authenticated().and() .formLogin().and() .httpBasic();
http
- the HttpSecurity
to modify
Exception
- if an error occurs@Autowired public void setApplicationContext(ApplicationContext context)
@Autowired(required=false) public void setContentNegotationStrategy(org.springframework.web.accept.ContentNegotiationStrategy contentNegotiationStrategy)
@Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |