org.springframework.security.config.annotation.web.configurers
Class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter>

java.lang.Object
  extended by org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      extended by org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,T,F>
All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,B>
Direct Known Subclasses:
FormLoginConfigurer, OpenIDLoginConfigurer

public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

Base class for configuring AbstractAuthenticationFilterConfigurer. This is intended for internal use only.

Since:
3.2
See Also:
FormLoginConfigurer, OpenIDLoginConfigurer

Constructor Summary
protected AbstractAuthenticationFilterConfigurer(F authenticationFilter, String defaultLoginProcessingUrl)
          Creates a new instance
 
Method Summary
 T authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
          Specifies a custom AuthenticationDetailsSource.
 void configure(B http)
          Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
protected abstract  RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
          Create the RequestMatcher given a loginProcessingUrl
 T defaultSuccessUrl(String defaultSuccessUrl)
          Specifies where users will go after authenticating successfully if they have not visited a secured page prior to authenticating.
 T defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse)
          Specifies where users will go after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.
 B disable()
          Disables the AbstractHttpConfigurer by removing it.
 T failureHandler(AuthenticationFailureHandler authenticationFailureHandler)
          Specifies the AuthenticationFailureHandler to use when authentication fails.
 T failureUrl(String authenticationFailureUrl)
          The URL to send users if authentication fails.
protected  F getAuthenticationFilter()
          Gets the Authentication Filter
protected  String getFailureUrl()
          Gets the URL to send users to if authentication fails
protected  String getLoginPage()
          Gets the login page
protected  String getLoginProcessingUrl()
          Gets the URL to submit an authentication request to (i.e. where username/password must be submitted)
 void init(B http)
          Initialize the SecurityBuilder.
 boolean isCustomLoginPage()
           
protected  T loginPage(String loginPage)
           Specifies the URL to send users to if login is required.
 T loginProcessingUrl(String loginProcessingUrl)
          Specifies the URL to validate the credentials.
 T permitAll()
          Equivalent of invoking permitAll(true)
 T permitAll(boolean permitAll)
          Ensures the URLs for failureUrl(String) and #authenticationUrls(String) are granted access to any user.
 T successHandler(AuthenticationSuccessHandler successHandler)
          Specifies the AuthenticationSuccessHandler to be used.
 T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
           
 
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractAuthenticationFilterConfigurer

protected AbstractAuthenticationFilterConfigurer(F authenticationFilter,
                                                 String defaultLoginProcessingUrl)
Creates a new instance

Parameters:
authenticationFilter - the AbstractAuthenticationProcessingFilter to use
defaultLoginProcessingUrl - the default URL to use for loginProcessingUrl(String)
Method Detail

defaultSuccessUrl

public final T defaultSuccessUrl(String defaultSuccessUrl)
Specifies where users will go after authenticating successfully if they have not visited a secured page prior to authenticating. This is a shortcut for calling defaultSuccessUrl(String).

Parameters:
defaultSuccessUrl - the default success url
Returns:
the FormLoginConfigurer for additional customization

defaultSuccessUrl

public final T defaultSuccessUrl(String defaultSuccessUrl,
                                 boolean alwaysUse)
Specifies where users will go after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true. This is a shortcut for calling successHandler(AuthenticationSuccessHandler).

Parameters:
defaultSuccessUrl - the default success url
alwaysUse - true if the defaultSuccessUrl should be used after authentication even if a protected page had been previously visited
Returns:
the FormLoginConfigurer for additional customization

loginProcessingUrl

public T loginProcessingUrl(String loginProcessingUrl)
Specifies the URL to validate the credentials.

Parameters:
loginProcessingUrl - the URL to validate username and password
Returns:
the FormLoginConfigurer for additional customization

createLoginProcessingUrlMatcher

protected abstract RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the RequestMatcher given a loginProcessingUrl

Parameters:
loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
Returns:
the RequestMatcher to use based upon the loginProcessingUrl

authenticationDetailsSource

public final T authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Specifies a custom AuthenticationDetailsSource. The default is WebAuthenticationDetailsSource.

Parameters:
authenticationDetailsSource - the custom AuthenticationDetailsSource
Returns:
the FormLoginConfigurer for additional customization

successHandler

public final T successHandler(AuthenticationSuccessHandler successHandler)
Specifies the AuthenticationSuccessHandler to be used. The default is SavedRequestAwareAuthenticationSuccessHandler with no additional properties set.

Parameters:
successHandler - the AuthenticationSuccessHandler.
Returns:
the FormLoginConfigurer for additional customization

permitAll

public final T permitAll()
Equivalent of invoking permitAll(true)

Returns:

permitAll

public final T permitAll(boolean permitAll)
Ensures the URLs for failureUrl(String) and #authenticationUrls(String) are granted access to any user.

Parameters:
permitAll - true to grant access to the URLs, false to skip this step
Returns:
the FormLoginConfigurer for additional customization

failureUrl

public final T failureUrl(String authenticationFailureUrl)
The URL to send users if authentication fails. This is a shortcut for invoking failureHandler(AuthenticationFailureHandler). The default is "/login?error".

Parameters:
authenticationFailureUrl - the URL to send users if authentication fails (i.e. "/login?error").
Returns:
the FormLoginConfigurer for additional customization

failureHandler

public final T failureHandler(AuthenticationFailureHandler authenticationFailureHandler)
Specifies the AuthenticationFailureHandler to use when authentication fails. The default is redirecting to "/login?error" using SimpleUrlAuthenticationFailureHandler.

Parameters:
authenticationFailureHandler - the AuthenticationFailureHandler to use when authentication fails.
Returns:
the FormLoginConfigurer for additional customization

init

public void init(B http)
          throws Exception
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Overrides:
init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Throws:
Exception

configure

public void configure(B http)
               throws Exception
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Overrides:
configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Throws:
Exception

loginPage

protected T loginPage(String loginPage)

Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjunction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.
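
The following is an added illustration, not part of the Spring Security Javadoc: it shows these builder methods reached through the FormLoginConfigurer subclass inside a WebSecurityConfigurerAdapter, with a failure handler that logs failed logins for detection. The class names, logger name and URL paths are assumptions chosen for the example.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// Added example; class names, logger name and URL paths are assumptions.
@Configuration
@EnableWebSecurity
public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    // Logs each failed login, then redirects the way the default handler does.
    static class AuditingFailureHandler extends SimpleUrlAuthenticationFailureHandler {
        private static final Logger LOG = Logger.getLogger("auth.audit");

        AuditingFailureHandler(String failureUrl) { super(failureUrl); }

        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException exception) throws IOException, ServletException {
            // Record source and failure type only; never the submitted credentials.
            LOG.warning("login failed from " + request.getRemoteAddr()
                    + " reason=" + exception.getClass().getSimpleName());
            super.onAuthenticationFailure(request, response, exception);
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The login view (with or without ?error) must be reachable unauthenticated.
                .antMatchers("/signin").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/signin")                        // renders the custom form
                .loginProcessingUrl("/signin/authenticate")  // credentials are validated here
                .defaultSuccessUrl("/dashboard", false)      // used only if no secured page was visited first
                .failureHandler(new AuditingFailureHandler("/signin?error"))
                .permitAll();                                // grants any user access to the login URLs
    }
}
```

Because failureUrl(String) is a shortcut for failureHandler(AuthenticationFailureHandler), set one or the other, not both.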


isCustomLoginPage

public final boolean isCustomLoginPage()
Returns:
true if a custom login page has been specified, else false

getAuthenticationFilter

protected final F getAuthenticationFilter()
Gets the Authentication Filter

Returns:

getLoginPage

protected final String getLoginPage()
Gets the login page

Returns:
the login page

getLoginProcessingUrl

protected final String getLoginProcessingUrl()
Gets the URL to submit an authentication request to (i.e. where username/password must be submitted)

Returns:
the URL to submit an authentication request to

getFailureUrl

protected final String getFailureUrl()
Gets the URL to send users to if authentication fails

Returns:

disable

public B disable()
Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns:
the HttpSecurityBuilder for additional customizations

withObjectPostProcessor

public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)