org.springframework.security.config.annotation.web.configurers
Class X509Configurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      org.springframework.security.config.annotation.web.configurers.X509Configurer<H>

All Implemented Interfaces:

SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class X509Configurer<H extends HttpSecurityBuilder<H>>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

Adds X509 based pre authentication to an application. Since validating the certificate happens when the client connects, the requesting and validation of the client certificate should be performed by the container. Spring Security will then use the certificate to look up the Authentication for the user.

Security Filters

The following Filters are populated

• X509AuthenticationFilter

Shared Objects Created

The following shared objects are created

• AuthenticationEntryPoint is populated with an Http403ForbiddenEntryPoint
• A PreAuthenticatedAuthenticationProvider is populated into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)

Shared Objects Used

The following shared objects are used:

• A UserDetailsService shared object is used if no AuthenticationUserDetailsService is specified

Since:

3.2

Constructor Summary

X509Configurer()
Creates a new instance

Method Summary

X509Configurer<H>	authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource) Specifies the AuthenticationDetailsSource
X509Configurer<H>	authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService) Specifies the AuthenticationUserDetailsService to use.
void	configure(H http) Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
B	disable() Disables the AbstractHttpConfigurer by removing it.
void	init(H http) Initialize the SecurityBuilder.
X509Configurer<H>	subjectPrincipalRegex(String subjectPrincipalRegex) Specifies the regex to extract the principal from the certificate.
X509Configurer<H>	userDetailsService(UserDetailsService userDetailsService) Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
T	withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
X509Configurer<H>	x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter) Allows specifying the entire X509AuthenticationFilter.

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509Configurer

public X509Configurer()

Creates a new instance

See Also:

HttpSecurity.x509()

Method Detail

x509AuthenticationFilter

public X509Configurer<H> x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter)

Allows specifying the entire X509AuthenticationFilter. If this is specified, the properties on X509Configurer will not be populated on the X509AuthenticationFilter.

Parameters:

x509AuthenticationFilter - the X509AuthenticationFilter to use

Returns:

the X509Configurer for further customizations

authenticationDetailsSource

public X509Configurer<H> authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource)

Specifies the AuthenticationDetailsSource

Parameters:

authenticationDetailsSource - the AuthenticationDetailsSource to use

Returns:

the X509Configurer to use

userDetailsService

public X509Configurer<H> userDetailsService(UserDetailsService userDetailsService)

Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.

Parameters:

userDetailsService - the UserDetailsService to use

Returns:

the X509Configurer for further customizations

authenticationUserDetailsService

public X509Configurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService)

Specifies the AuthenticationUserDetailsService to use. If not specified, the shared UserDetailsService will be used to create a UserDetailsByNameServiceWrapper.

Parameters:

authenticationUserDetailsService - the AuthenticationUserDetailsService to use

Returns:

the X509Configurer for further customizations

subjectPrincipalRegex

public X509Configurer<H> subjectPrincipalRegex(String subjectPrincipalRegex)

Specifies the regex to extract the principal from the certificate. If not specified, the default expression from SubjectDnX509PrincipalExtractor is used.

Parameters:

subjectPrincipalRegex - the regex to extract the user principal from the certificate (i.e. "CN=(.*?)(?:,|$)").

Returns:

the X509Configurer for further customizations

init

public void init(H http)
          throws Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:

init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:

Exception

configure

public void configure(H http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws:

Exception

disable

public B disable()

Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns:

the HttpSecurityBuilder for additional customizations

withObjectPostProcessor

public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)