Class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>
-
- org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer<H>
-
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
@Deprecated public final class OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractAuthenticationFilterConfigurer<H,OpenIDLoginConfigurer<H>,OpenIDAuthenticationFilter>
Deprecated.The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.Adds support for OpenID based authentication.Example Configuration
@Configuration @EnableWebSecurity public class OpenIDLoginConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) { http .authorizeRequests() .antMatchers("/**").hasRole("USER") .and() .openidLogin() .permitAll(); } @Override protected void configure(AuthenticationManagerBuilder auth)( AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("https://www.google.com/accounts/o8/id?id=lmkCn9xzPdsxVwG7pjYMuDgNNdASFmobNkcRPaWU") .password("password") .roles("USER"); } }
Security Filters
The following Filters are populatedShared Objects Created
AuthenticationEntryPoint
is populated with aLoginUrlAuthenticationEntryPoint
- An
OpenIDAuthenticationProvider
is populated intoHttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
Shared Objects Used
The following shared objects are used:AuthenticationManager
RememberMeServices
- is optionally used. SeeRememberMeConfigurer
SessionAuthenticationStrategy
- is optionally used. SeeSessionManagementConfigurer
- Since:
- 3.2
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
OpenIDLoginConfigurer.AttributeExchangeConfigurer
Deprecated.A class used to add OpenID attributes to look up
-
Constructor Summary
Constructors Constructor Description OpenIDLoginConfigurer()
Deprecated.Creates a new instance
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description OpenIDLoginConfigurer.AttributeExchangeConfigurer
attributeExchange(java.lang.String identifierPattern)
Deprecated.Sets up OpenID attribute exchange for OpenID's matching the specified pattern.OpenIDLoginConfigurer<H>
attributeExchange(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer> attributeExchangeCustomizer)
Deprecated.Sets up OpenID attribute exchange for OpenIDs matching the specified pattern.OpenIDLoginConfigurer<H>
authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService)
Deprecated.TheAuthenticationUserDetailsService
to use.void
configure(H http)
Deprecated.Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.OpenIDLoginConfigurer<H>
consumer(OpenIDConsumer consumer)
Deprecated.Allows specifying theOpenIDConsumer
to be used.OpenIDLoginConfigurer<H>
consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
Deprecated.Allows specifying theConsumerManager
to be used.protected RequestMatcher
createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Deprecated.Create theRequestMatcher
given a loginProcessingUrlvoid
init(H http)
Deprecated.Initialize theSecurityBuilder
.OpenIDLoginConfigurer<H>
loginPage(java.lang.String loginPage)
Deprecated.Specifies the URL to send users to if login is required.OpenIDLoginConfigurer<H>
loginProcessingUrl(java.lang.String loginProcessingUrl)
Deprecated.Specifies the URL used to authenticate OpenID requests.-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults
-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
-
-
-
Method Detail
-
attributeExchange
public OpenIDLoginConfigurer.AttributeExchangeConfigurer attributeExchange(java.lang.String identifierPattern)
Deprecated.Sets up OpenID attribute exchange for OpenID's matching the specified pattern.- Parameters:
identifierPattern
- the regular expression for matching on OpenID's (i.e. "https://www.google.com/.*", ".*yahoo.com.*", etc)- Returns:
- a
OpenIDLoginConfigurer.AttributeExchangeConfigurer
for further customizations of the attribute exchange
-
attributeExchange
public OpenIDLoginConfigurer<H> attributeExchange(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer> attributeExchangeCustomizer)
Deprecated.Sets up OpenID attribute exchange for OpenIDs matching the specified pattern. The default pattern is ".*", it can be specified usingOpenIDLoginConfigurer.AttributeExchangeConfigurer.identifierPattern(String)
- Parameters:
attributeExchangeCustomizer
- theCustomizer
to provide more options for theOpenIDLoginConfigurer.AttributeExchangeConfigurer
- Returns:
- a
OpenIDLoginConfigurer
for further customizations
-
consumer
public OpenIDLoginConfigurer<H> consumer(OpenIDConsumer consumer)
Deprecated.Allows specifying theOpenIDConsumer
to be used. The default is using anOpenID4JavaConsumer
.- Parameters:
consumer
- theOpenIDConsumer
to be used- Returns:
- the
OpenIDLoginConfigurer
for further customizations
-
consumerManager
public OpenIDLoginConfigurer<H> consumerManager(org.openid4java.consumer.ConsumerManager consumerManager)
Deprecated.Allows specifying theConsumerManager
to be used. If specified, will be populated into anOpenID4JavaConsumer
.This is a shortcut for specifying the
OpenID4JavaConsumer
with a specificConsumerManager
onconsumer(OpenIDConsumer)
.- Parameters:
consumerManager
- theConsumerManager
to use. Cannot be null.- Returns:
- the
OpenIDLoginConfigurer
for further customizations
-
authenticationUserDetailsService
public OpenIDLoginConfigurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken> authenticationUserDetailsService)
Deprecated.TheAuthenticationUserDetailsService
to use. By default aUserDetailsByNameServiceWrapper
is used with theUserDetailsService
shared object found withAbstractConfiguredSecurityBuilder.getSharedObject(Class)
.- Parameters:
authenticationUserDetailsService
- theAuthenticationDetailsSource
to use- Returns:
- the
OpenIDLoginConfigurer
for further customizations
-
loginProcessingUrl
public OpenIDLoginConfigurer<H> loginProcessingUrl(java.lang.String loginProcessingUrl)
Deprecated.Specifies the URL used to authenticate OpenID requests. If theHttpServletRequest
matches this URL theOpenIDAuthenticationFilter
will attempt to authenticate the request. The default is "/login/openid".- Overrides:
loginProcessingUrl
in classAbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
- Parameters:
loginProcessingUrl
- the URL used to perform authentication- Returns:
- the
OpenIDLoginConfigurer
for additional customization
-
loginPage
public OpenIDLoginConfigurer<H> loginPage(java.lang.String loginPage)
Deprecated.Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter
a default login page will be generated when this attribute is not specified.If a URL is specified or this is not being used in conjunction with
WebSecurityConfigurerAdapter
, users are required to process the specified URL to generate a login page.- It must be an HTTP POST
- It must be submitted to
loginProcessingUrl(String)
- It should include the OpenID as an HTTP parameter by the name of
OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD
Impact on other defaults
Updating this value, also impacts a number of other default values. For example, the following are the default values when only formLogin() was specified.- /login GET - the login form
- /login POST - process the credentials and if valid authenticate the user
- /login?error GET - redirect here for failed authentication attempts
- /login?logout GET - redirect here after successfully logging out
- /authenticate GET - the login form
- /authenticate POST - process the credentials and if valid authenticate the user
- /authenticate?error GET - redirect here for failed authentication attempts
- /authenticate?logout GET - redirect here after successfully logging out
- Overrides:
loginPage
in classAbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
- Parameters:
loginPage
- the login page to redirect to if authentication is required (i.e. "/login")- Returns:
- the
FormLoginConfigurer
for additional customization
-
init
public void init(H http) throws java.lang.Exception
Deprecated.Description copied from interface:SecurityConfigurer
Initialize theSecurityBuilder
. Here only shared state should be created and modified, but not properties on theSecurityBuilder
used for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared objects when building. Configurers should be applied here.- Specified by:
init
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
init
in classAbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
- Throws:
java.lang.Exception
-
configure
public void configure(H http) throws java.lang.Exception
Deprecated.Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure
in classAbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
- Throws:
java.lang.Exception
-
createLoginProcessingUrlMatcher
protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Deprecated.Description copied from class:AbstractAuthenticationFilterConfigurer
Create theRequestMatcher
given a loginProcessingUrl- Specified by:
createLoginProcessingUrlMatcher
in classAbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>>,OpenIDAuthenticationFilter>
- Parameters:
loginProcessingUrl
- creates theRequestMatcher
based upon the loginProcessingUrl- Returns:
- the
RequestMatcher
to use based upon the loginProcessingUrl
-
-