public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter> extends AbstractHttpConfigurer<T,B>
AbstractAuthenticationFilterConfigurer
. This is
intended for internal use only.FormLoginConfigurer
,
OpenIDLoginConfigurer
Modifier | Constructor and Description |
---|---|
protected |
AbstractAuthenticationFilterConfigurer()
Creates a new instance with minimal defaults
|
protected |
AbstractAuthenticationFilterConfigurer(F authenticationFilter,
java.lang.String defaultLoginProcessingUrl)
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
T |
authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
Specifies a custom
AuthenticationDetailsSource . |
void |
configure(B http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder . |
protected abstract RequestMatcher |
createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Create the
RequestMatcher given a loginProcessingUrl |
T |
defaultSuccessUrl(java.lang.String defaultSuccessUrl)
Specifies where users will be redirected after authenticating successfully if
they have not visited a secured page prior to authenticating.
|
T |
defaultSuccessUrl(java.lang.String defaultSuccessUrl,
boolean alwaysUse)
Specifies where users will be redirected after authenticating successfully if
they have not visited a secured page prior to authenticating or
alwaysUse
is true. |
T |
failureHandler(AuthenticationFailureHandler authenticationFailureHandler)
Specifies the
AuthenticationFailureHandler to use when authentication
fails. |
T |
failureUrl(java.lang.String authenticationFailureUrl)
The URL to send users if authentication fails.
|
protected AuthenticationEntryPoint |
getAuthenticationEntryPoint()
Gets the Authentication Entry Point
|
protected RequestMatcher |
getAuthenticationEntryPointMatcher(B http) |
protected F |
getAuthenticationFilter()
Gets the Authentication Filter
|
protected java.lang.String |
getFailureUrl()
Gets the URL to send users to if authentication fails
|
protected java.lang.String |
getLoginPage()
Gets the login page
|
protected java.lang.String |
getLoginProcessingUrl()
Gets the URL to submit an authentication request to (i.e.
|
void |
init(B http)
Initialize the
SecurityBuilder . |
boolean |
isCustomLoginPage() |
protected T |
loginPage(java.lang.String loginPage)
Specifies the URL to send users to if login is required.
|
T |
loginProcessingUrl(java.lang.String loginProcessingUrl)
Specifies the URL to validate the credentials.
|
T |
permitAll()
Equivalent of invoking permitAll(true)
|
T |
permitAll(boolean permitAll)
Ensures the urls for
failureUrl(String) as well as for the HttpSecurityBuilder , the
getLoginPage() and getLoginProcessingUrl() are granted access to any user. |
protected void |
registerAuthenticationEntryPoint(B http,
AuthenticationEntryPoint authenticationEntryPoint) |
protected void |
registerDefaultAuthenticationEntryPoint(B http) |
protected void |
setAuthenticationFilter(F authFilter)
Sets the Authentication Filter
|
T |
successHandler(AuthenticationSuccessHandler successHandler)
Specifies the
AuthenticationSuccessHandler to be used. |
protected void |
updateAccessDefaults(B http)
Updates the default values for access.
|
protected void |
updateAuthenticationDefaults()
Updates the default values for authentication.
|
disable, withObjectPostProcessor
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
protected AbstractAuthenticationFilterConfigurer()
protected AbstractAuthenticationFilterConfigurer(F authenticationFilter, java.lang.String defaultLoginProcessingUrl)
authenticationFilter
- the AbstractAuthenticationProcessingFilter
to
usedefaultLoginProcessingUrl
- the default URL to use for
loginProcessingUrl(String)
public final T defaultSuccessUrl(java.lang.String defaultSuccessUrl)
defaultSuccessUrl(String, boolean)
.defaultSuccessUrl
- the default success urlFormLoginConfigurer
for additional customizationpublic final T defaultSuccessUrl(java.lang.String defaultSuccessUrl, boolean alwaysUse)
alwaysUse
is true. This is a shortcut for calling
successHandler(AuthenticationSuccessHandler)
.defaultSuccessUrl
- the default success urlalwaysUse
- true if the defaultSuccesUrl
should be used after
authentication despite if a protected page had been previously visitedFormLoginConfigurer
for additional customizationpublic T loginProcessingUrl(java.lang.String loginProcessingUrl)
loginProcessingUrl
- the URL to validate username and passwordFormLoginConfigurer
for additional customizationprotected abstract RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
RequestMatcher
given a loginProcessingUrlloginProcessingUrl
- creates the RequestMatcher
based upon the
loginProcessingUrlRequestMatcher
to use based upon the loginProcessingUrlpublic final T authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
AuthenticationDetailsSource
. The default is
WebAuthenticationDetailsSource
.authenticationDetailsSource
- the custom AuthenticationDetailsSource
FormLoginConfigurer
for additional customizationpublic final T successHandler(AuthenticationSuccessHandler successHandler)
AuthenticationSuccessHandler
to be used. The default is
SavedRequestAwareAuthenticationSuccessHandler
with no additional properties
set.successHandler
- the AuthenticationSuccessHandler
.FormLoginConfigurer
for additional customizationpublic final T permitAll()
FormLoginConfigurer
for additional customizationpublic final T permitAll(boolean permitAll)
failureUrl(String)
as well as for the HttpSecurityBuilder
, the
getLoginPage()
and getLoginProcessingUrl()
are granted access to any user.permitAll
- true to grant access to the URLs false to skip this stepFormLoginConfigurer
for additional customizationpublic final T failureUrl(java.lang.String authenticationFailureUrl)
failureHandler(AuthenticationFailureHandler)
. The default is
"/login?error".authenticationFailureUrl
- the URL to send users if authentication fails (i.e.
"/login?error").FormLoginConfigurer
for additional customizationpublic final T failureHandler(AuthenticationFailureHandler authenticationFailureHandler)
AuthenticationFailureHandler
to use when authentication
fails. The default is redirecting to "/login?error" using
SimpleUrlAuthenticationFailureHandler
authenticationFailureHandler
- the AuthenticationFailureHandler
to use
when authentication fails.FormLoginConfigurer
for additional customizationpublic void init(B http) throws java.lang.Exception
SecurityConfigurer
SecurityBuilder
. Here only shared state should be created
and modified, but not properties on the SecurityBuilder
used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder)
method uses
the correct shared objects when building. Configurers should be applied here.init
in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
init
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
java.lang.Exception
protected final void registerDefaultAuthenticationEntryPoint(B http)
protected final void registerAuthenticationEntryPoint(B http, AuthenticationEntryPoint authenticationEntryPoint)
protected final RequestMatcher getAuthenticationEntryPointMatcher(B http)
public void configure(B http) throws java.lang.Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties on the
SecurityBuilder
.configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
java.lang.Exception
protected T loginPage(java.lang.String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter
a default login page will be generated when
this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter
, users are required to process the specified
URL to generate a login page.
public final boolean isCustomLoginPage()
protected final F getAuthenticationFilter()
protected final void setAuthenticationFilter(F authFilter)
authFilter
- the Authentication Filterprotected final java.lang.String getLoginPage()
protected final AuthenticationEntryPoint getAuthenticationEntryPoint()
protected final java.lang.String getLoginProcessingUrl()
protected final java.lang.String getFailureUrl()
protected final void updateAuthenticationDefaults()
java.lang.Exception
protected final void updateAccessDefaults(B http)