public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter> extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
AbstractAuthenticationFilterConfigurer
. This is intended for internal use only.FormLoginConfigurer
,
OpenIDLoginConfigurer
Modifier | Constructor and Description |
---|---|
protected |
AbstractAuthenticationFilterConfigurer(F authenticationFilter,
String defaultLoginProcessingUrl)
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
T |
authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Specifies a custom
AuthenticationDetailsSource . |
void |
configure(B http)
Configure the
SecurityBuilder by setting the necessary properties
on the SecurityBuilder . |
protected abstract RequestMatcher |
createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the
RequestMatcher given a loginProcessingUrl |
T |
defaultSuccessUrl(String defaultSuccessUrl)
Specifies where users will go after authenticating successfully if they
have not visited a secured page prior to authenticating.
|
T |
defaultSuccessUrl(String defaultSuccessUrl,
boolean alwaysUse)
Specifies where users will go after authenticating successfully if they
have not visited a secured page prior to authenticating or
alwaysUse is true. |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
T |
failureHandler(AuthenticationFailureHandler authenticationFailureHandler)
Specifies the
AuthenticationFailureHandler to use when
authentication fails. |
T |
failureUrl(String authenticationFailureUrl)
The URL to send users if authentication fails.
|
protected F |
getAuthenticationFilter()
Gets the Authentication Filter
|
protected String |
getFailureUrl()
Gets the URL to send users to if authentication fails
|
protected String |
getLoginPage()
Gets the login page
|
protected String |
getLoginProcessingUrl()
Gets the URL to submit an authentication request to (i.e.
|
void |
init(B http)
Initialize the
SecurityBuilder . |
boolean |
isCustomLoginPage() |
protected T |
loginPage(String loginPage)
Specifies the URL to send users to if login is required.
|
T |
loginProcessingUrl(String loginProcessingUrl)
Specifies the URL to validate the credentials.
|
T |
permitAll()
Equivalent of invoking permitAll(true)
|
T |
permitAll(boolean permitAll)
Ensures the urls for
failureUrl(String) and
#authenticationUrls(String) are granted access to any user. |
T |
successHandler(AuthenticationSuccessHandler successHandler)
Specifies the
AuthenticationSuccessHandler to be used. |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
protected AbstractAuthenticationFilterConfigurer(F authenticationFilter, String defaultLoginProcessingUrl)
authenticationFilter
- the AbstractAuthenticationProcessingFilter
to usedefaultLoginProcessingUrl
- the default URL to use for loginProcessingUrl(String)
public final T defaultSuccessUrl(String defaultSuccessUrl)
defaultSuccessUrl(String)
.defaultSuccessUrl
- the default success urlFormLoginConfigurer
for additional customizationpublic final T defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse)
alwaysUse
is true. This is a shortcut for calling
successHandler(AuthenticationSuccessHandler)
.defaultSuccessUrl
- the default success urlalwaysUse
- true if the defaultSuccesUrl
should be used after
authentication despite if a protected page had been previously
visitedFormLoginConfigurer
for additional customizationpublic T loginProcessingUrl(String loginProcessingUrl)
loginProcessingUrl
- the URL to validate username and passwordFormLoginConfigurer
for additional customizationprotected abstract RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
RequestMatcher
given a loginProcessingUrlloginProcessingUrl
- creates the RequestMatcher
based upon the loginProcessingUrlRequestMatcher
to use based upon the loginProcessingUrlpublic final T authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
AuthenticationDetailsSource
. The default is WebAuthenticationDetailsSource
.authenticationDetailsSource
- the custom AuthenticationDetailsSource
FormLoginConfigurer
for additional customizationpublic final T successHandler(AuthenticationSuccessHandler successHandler)
AuthenticationSuccessHandler
to be used. The
default is SavedRequestAwareAuthenticationSuccessHandler
with no
additional properites set.successHandler
- the AuthenticationSuccessHandler
.FormLoginConfigurer
for additional customizationpublic final T permitAll()
public final T permitAll(boolean permitAll)
failureUrl(String)
and
#authenticationUrls(String)
are granted access to any user.permitAll
- true to grant access to the URLs false to skip this stepFormLoginConfigurer
for additional customizationpublic final T failureUrl(String authenticationFailureUrl)
failureHandler(AuthenticationFailureHandler)
. The
default is "/login?error".authenticationFailureUrl
- the URL to send users if authentication fails (i.e.
"/login?error").FormLoginConfigurer
for additional customizationpublic final T failureHandler(AuthenticationFailureHandler authenticationFailureHandler)
AuthenticationFailureHandler
to use when
authentication fails. The default is redirecting to "/login?error" using
SimpleUrlAuthenticationFailureHandler
authenticationFailureHandler
- the AuthenticationFailureHandler
to use when
authentication fails.FormLoginConfigurer
for additional customizationpublic void init(B http) throws Exception
SecurityConfigurer
SecurityBuilder
. Here only shared state should be
created and modified, but not properties on the SecurityBuilder
used for building the object. This ensures that the
SecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared
objects when building.init
in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
init
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Exception
public void configure(B http) throws Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties
on the SecurityBuilder
.configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
Exception
protected T loginPage(String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter
a default login page will be
generated when this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter
, users are required to process the
specified URL to generate a login page.
public final boolean isCustomLoginPage()
protected final F getAuthenticationFilter()
protected final String getLoginPage()
protected final String getLoginProcessingUrl()
protected final String getFailureUrl()
public B disable()
AbstractHttpConfigurer
by removing it. After doing
so a fresh version of the configuration can be applied.HttpSecurityBuilder
for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)