org.springframework.security.config.annotation.web.configurers.openid
Class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  extended by org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      extended by org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>
          extended by org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer<H>
All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>

Adds support for OpenID based authentication.

Example Configuration

 @Configuration
 @EnableWebSecurity
 public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) {
                http
                        .authorizeRequests()
                                .antMatchers("/**").hasRole("USER")
                                .and()
                        .openidLogin()
                                .permitAll();
        }

        @Override
        protected void registerAuthentication(
                        AuthenticationManagerBuilder auth) throws Exception {
                auth
                        .inMemoryAuthentication()
                                .withUser("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU")
                                        .password("password")
                                        .roles("USER");
        }
 }
 

Security Filters

The following Filters are populated

Shared Objects Created

Shared Objects Used

The following shared objects are used:

Since:
3.2

Nested Class Summary
 class OpenIDLoginConfigurer.AttributeExchangeConfigurer
          A class used to add OpenID attributes to look up
 
Constructor Summary
OpenIDLoginConfigurer()
          Creates a new instance
 
Method Summary
 OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(String identifierPattern)
          Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
 OpenIDLoginConfigurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService)
          The AuthenticationUserDetailsService to use.
 void configure(H http)
          Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
 OpenIDLoginConfigurer<H> consumer(OpenIDConsumer consumer)
          Allows specifying the OpenIDConsumer to be used.
 OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
          Allows specifying the ConsumerManager to be used.
protected  RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
          Create the RequestMatcher given a loginProcessingUrl
 B disable()
          Disables the AbstractHttpConfigurer by removing it.
 void init(H http)
          Initialize the SecurityBuilder.
 OpenIDLoginConfigurer<H> loginPage(String loginPage)
           Specifies the URL to send users to if login is required.
 OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)
          Specifies the URL used to authenticate OpenID requests.
 T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
           
 
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, successHandler
 
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OpenIDLoginConfigurer

public OpenIDLoginConfigurer()
Creates a new instance

Method Detail

attributeExchange

public OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(String identifierPattern)
Sets up OpenID attribute exchange for OpenID's matching the specified pattern.

Parameters:
identifierPattern - the regular expression for matching on OpenID's (i.e. "https://www.google.com/.*", ".*yahoo.com.*", etc)
Returns:
a OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customizations of the attribute exchange

consumer

public OpenIDLoginConfigurer<H> consumer(OpenIDConsumer consumer)
Allows specifying the OpenIDConsumer to be used. The default is using an OpenID4JavaConsumer.

Parameters:
consumer - the OpenIDConsumer to be used
Returns:
the OpenIDLoginConfigurer for further customizations

consumerManager

public OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
Allows specifying the ConsumerManager to be used. If specified, will be populated into an OpenID4JavaConsumer.

This is a shortcut for specifying the OpenID4JavaConsumer with a specific ConsumerManager on consumer(OpenIDConsumer).

Parameters:
consumerManager - the ConsumerManager to use. Cannot be null.
Returns:
the OpenIDLoginConfigurer for further customizations

authenticationUserDetailsService

public OpenIDLoginConfigurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService)
The AuthenticationUserDetailsService to use. By default a UserDetailsByNameServiceWrapper is used with the UserDetailsService shared object found with AbstractConfiguredSecurityBuilder.getSharedObject(Class).

Parameters:
authenticationUserDetailsService - the AuthenticationDetailsSource to use
Returns:
the OpenIDLoginConfigurer for further customizations

loginProcessingUrl

public OpenIDLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)
Specifies the URL used to authenticate OpenID requests. If the HttpServletRequest matches this URL the OpenIDAuthenticationFilter will attempt to authenticate the request. The default is "/login/openid".

Overrides:
loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
Parameters:
loginUrl - the URL used to perform authentication
Returns:
the OpenIDLoginConfigurer for additional customization

loginPage

public OpenIDLoginConfigurer<H> loginPage(String loginPage)

Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjuction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.

Impact on other defaults

Updating this value, also impacts a number of other default values. For example, the following are the default values when only formLogin() was specified. If "/authenticate" was passed to this method it update the defaults as shown below:

Overrides:
loginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
Parameters:
loginPage - the login page to redirect to if authentication is required (i.e. "/login")
Returns:
the FormLoginConfigurer for additional customization

init

public void init(H http)
          throws Exception
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:
init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
Throws:
Exception

configure

public void configure(H http)
               throws Exception
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:
configure in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
Throws:
Exception

createLoginProcessingUrlMatcher

protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
Description copied from class: AbstractAuthenticationFilterConfigurer
Create the RequestMatcher given a loginProcessingUrl

Specified by:
createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
Parameters:
loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
Returns:
the RequestMatcher to use based upon the loginProcessingUrl

disable

public B disable()
Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns:
the HttpSecurityBuilder for additional customizations

withObjectPostProcessor

public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)