Class X509Configurer<H extends HttpSecurityBuilder<H>>
- java.lang.Object
  - org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
    - org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<X509Configurer<H>,H>
      - org.springframework.security.config.annotation.web.configurers.X509Configurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<X509Configurer<H>,H>
Adds X.509-based pre-authentication to an application. Because certificate validation happens when the client connects, requesting and validating the client certificate should be performed by the container. Spring Security then uses the certificate to look up the Authentication for the user.

Security Filters
The following Filters are populated
Shared Objects Created
The following shared objects are created
- AuthenticationEntryPoint is populated with an Http403ForbiddenEntryPoint
- A PreAuthenticatedAuthenticationProvider is populated into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
Shared Objects Used
The following shared objects are used:
- A UserDetailsService shared object is used if no AuthenticationUserDetailsService is specified
- Since:
3.2

Constructor Summary
Constructors
- X509Configurer(): Creates a new instance

Method Summary
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Constructor Detail
X509Configurer
public X509Configurer()
Creates a new instance
- See Also:
HttpSecurity.x509()

Method Detail
x509AuthenticationFilter
public X509Configurer<H> x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter)
Allows specifying the entire X509AuthenticationFilter. If this is specified, the properties on X509Configurer will not be populated on the X509AuthenticationFilter.
- Parameters:
x509AuthenticationFilter - the X509AuthenticationFilter to use
- Returns:
the X509Configurer for further customizations

x509PrincipalExtractor
public X509Configurer<H> x509PrincipalExtractor(X509PrincipalExtractor x509PrincipalExtractor)
Specifies the X509PrincipalExtractor
- Parameters:
x509PrincipalExtractor - the X509PrincipalExtractor to use
- Returns:
the X509Configurer to use

authenticationDetailsSource
public X509Configurer<H> authenticationDetailsSource(AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource)
Specifies the AuthenticationDetailsSource
- Parameters:
authenticationDetailsSource - the AuthenticationDetailsSource to use
- Returns:
the X509Configurer to use

userDetailsService
public X509Configurer<H> userDetailsService(UserDetailsService userDetailsService)
Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
- Parameters:
userDetailsService - the UserDetailsService to use
- Returns:
the X509Configurer for further customizations

authenticationUserDetailsService
public X509Configurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService)
Specifies the AuthenticationUserDetailsService to use. If not specified, the shared UserDetailsService will be used to create a UserDetailsByNameServiceWrapper.
- Parameters:
authenticationUserDetailsService - the AuthenticationUserDetailsService to use
- Returns:
the X509Configurer for further customizations

subjectPrincipalRegex
public X509Configurer<H> subjectPrincipalRegex(java.lang.String subjectPrincipalRegex)
Specifies the regex to extract the principal from the certificate. If not specified, the default expression from SubjectDnX509PrincipalExtractor is used.
- Parameters:
subjectPrincipalRegex - the regex to extract the user principal from the certificate (i.e. "CN=(.*?)(?:,|$)").
- Returns:
the X509Configurer for further customizations
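
Added example, not part of the Spring Security Javadoc: one way to pass a custom X509PrincipalExtractor to x509PrincipalExtractor(...) when the principal should come from a parsed subject DN rather than from a regex match over its string form, as subjectPrincipalRegex does. It assumes Spring Security 5.4 or later in the 5.x line (the javax.servlet generation this page documents), a container that already requests and validates the client certificate, and a UserDetailsService bean defined elsewhere; the class name ClientCertSecurityConfig and the helper cnExtractor are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;

@Configuration
@EnableWebSecurity
public class ClientCertSecurityConfig {   // hypothetical class name
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService users) throws Exception {
        // 'users' is assumed to be the application's own UserDetailsService bean.
        http.x509()
                .x509PrincipalExtractor(cnExtractor())
                .userDetailsService(users)
            .and()
            .authorizeRequests().anyRequest().authenticated();
        return http.build();
    }

    // Parses the subject DN into RDNs and returns the single CN attribute.
    // A DN with no CN, more than one CN, or a non-text CN is rejected.
    static X509PrincipalExtractor cnExtractor() {
        return cert -> {
            String cn = null;
            try {
                for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                    if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                    if (cn != null || !(rdn.getValue() instanceof String)) {
                        throw new BadCredentialsException("Ambiguous or non-text CN in subject DN");
                    }
                    cn = (String) rdn.getValue();
                }
            } catch (InvalidNameException e) {
                throw new BadCredentialsException("Unparseable subject DN", e);
            }
            if (cn == null) throw new BadCredentialsException("No CN in subject DN");
            return cn;
        };
    }
}
```

The extracted CN is only a lookup key: the UserDetailsService still decides whether that name maps to a known account and which authorities it receives.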

init
public void init(H http)
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
- Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

configure
public void configure(H http)
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>