Class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
-
- org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,OAuth2LoginAuthenticationFilter>
-
- org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer<B>
-
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,B>
public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,OAuth2LoginAuthenticationFilter>
AnAbstractHttpConfigurer
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.OAuth 2.0 Login provides an application with the capability to have users log in by using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.
Defaults are provided for all configuration options with the only required configuration being
clientRegistrationRepository(ClientRegistrationRepository)
. Alternatively, aClientRegistrationRepository
@Bean
may be registered instead.Security Filters
The followingFilter
's are populated:Shared Objects Created
The following shared objects are populated:ClientRegistrationRepository
(required)OAuth2AuthorizedClientRepository
(optional)GrantedAuthoritiesMapper
(optional)
Shared Objects Used
The following shared objects are used:ClientRegistrationRepository
OAuth2AuthorizedClientRepository
GrantedAuthoritiesMapper
DefaultLoginPageGeneratingFilter
- ifloginPage(String)
is not configured andDefaultLoginPageGeneratingFilter
is available, then a default login page will be made available
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
OAuth2LoginConfigurer.AuthorizationEndpointConfig
Configuration options for the Authorization Server's Authorization Endpoint.class
OAuth2LoginConfigurer.RedirectionEndpointConfig
Configuration options for the Client's Redirection Endpoint.class
OAuth2LoginConfigurer.TokenEndpointConfig
Configuration options for the Authorization Server's Token Endpoint.class
OAuth2LoginConfigurer.UserInfoEndpointConfig
Configuration options for the Authorization Server's UserInfo Endpoint.
-
Constructor Summary
Constructors Constructor Description OAuth2LoginConfigurer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description OAuth2LoginConfigurer.AuthorizationEndpointConfig
authorizationEndpoint()
Returns theOAuth2LoginConfigurer.AuthorizationEndpointConfig
for configuring the Authorization Server's Authorization Endpoint.OAuth2LoginConfigurer<B>
authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig> authorizationEndpointCustomizer)
Configures the Authorization Server's Authorization Endpoint.OAuth2LoginConfigurer<B>
authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository)
Sets the repository for authorized client(s).OAuth2LoginConfigurer<B>
authorizedClientService(OAuth2AuthorizedClientService authorizedClientService)
Sets the service for authorized client(s).OAuth2LoginConfigurer<B>
clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository)
Sets the repository of client registrations.void
configure(B http)
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.protected RequestMatcher
createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Create theRequestMatcher
given a loginProcessingUrlvoid
init(B http)
Initialize theSecurityBuilder
.OAuth2LoginConfigurer<B>
loginPage(java.lang.String loginPage)
Specifies the URL to send users to if login is required.OAuth2LoginConfigurer<B>
loginProcessingUrl(java.lang.String loginProcessingUrl)
Specifies the URL to validate the credentials.OAuth2LoginConfigurer.RedirectionEndpointConfig
redirectionEndpoint()
Returns theOAuth2LoginConfigurer.RedirectionEndpointConfig
for configuring the Client's Redirection Endpoint.OAuth2LoginConfigurer<B>
redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig> redirectionEndpointCustomizer)
Configures the Client's Redirection Endpoint.OAuth2LoginConfigurer.TokenEndpointConfig
tokenEndpoint()
Returns theOAuth2LoginConfigurer.TokenEndpointConfig
for configuring the Authorization Server's Token Endpoint.OAuth2LoginConfigurer<B>
tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig> tokenEndpointCustomizer)
Configures the Authorization Server's Token Endpoint.OAuth2LoginConfigurer.UserInfoEndpointConfig
userInfoEndpoint()
Returns theOAuth2LoginConfigurer.UserInfoEndpointConfig
for configuring the Authorization Server's UserInfo Endpoint.OAuth2LoginConfigurer<B>
userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig> userInfoEndpointCustomizer)
Configures the Authorization Server's UserInfo Endpoint.-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, securityContextRepository, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults
-
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, withObjectPostProcessor
-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
-
-
-
Method Detail
-
clientRegistrationRepository
public OAuth2LoginConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository)
Sets the repository of client registrations.- Parameters:
clientRegistrationRepository
- the repository of client registrations- Returns:
- the
OAuth2LoginConfigurer
for further configuration
-
authorizedClientRepository
public OAuth2LoginConfigurer<B> authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository)
Sets the repository for authorized client(s).- Parameters:
authorizedClientRepository
- the authorized client repository- Returns:
- the
OAuth2LoginConfigurer
for further configuration - Since:
- 5.1
-
authorizedClientService
public OAuth2LoginConfigurer<B> authorizedClientService(OAuth2AuthorizedClientService authorizedClientService)
Sets the service for authorized client(s).- Parameters:
authorizedClientService
- the authorized client service- Returns:
- the
OAuth2LoginConfigurer
for further configuration
-
loginPage
public OAuth2LoginConfigurer<B> loginPage(java.lang.String loginPage)
Description copied from class:AbstractAuthenticationFilterConfigurer
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter
a default login page will be generated when this attribute is not specified.If a URL is specified or this is not being used in conjunction with
WebSecurityConfigurerAdapter
, users are required to process the specified URL to generate a login page.- Overrides:
loginPage
in classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,OAuth2LoginAuthenticationFilter>
-
loginProcessingUrl
public OAuth2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl)
Description copied from class:AbstractAuthenticationFilterConfigurer
Specifies the URL to validate the credentials.- Overrides:
loginProcessingUrl
in classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,OAuth2LoginAuthenticationFilter>
- Parameters:
loginProcessingUrl
- the URL to validate username and password- Returns:
- the
FormLoginConfigurer
for additional customization
-
authorizationEndpoint
public OAuth2LoginConfigurer.AuthorizationEndpointConfig authorizationEndpoint()
Returns theOAuth2LoginConfigurer.AuthorizationEndpointConfig
for configuring the Authorization Server's Authorization Endpoint.- Returns:
- the
OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
authorizationEndpoint
public OAuth2LoginConfigurer<B> authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig> authorizationEndpointCustomizer)
Configures the Authorization Server's Authorization Endpoint.- Parameters:
authorizationEndpointCustomizer
- theCustomizer
to provide more options for theOAuth2LoginConfigurer.AuthorizationEndpointConfig
- Returns:
- the
OAuth2LoginConfigurer
for further customizations
-
tokenEndpoint
public OAuth2LoginConfigurer.TokenEndpointConfig tokenEndpoint()
Returns theOAuth2LoginConfigurer.TokenEndpointConfig
for configuring the Authorization Server's Token Endpoint.- Returns:
- the
OAuth2LoginConfigurer.TokenEndpointConfig
-
tokenEndpoint
public OAuth2LoginConfigurer<B> tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig> tokenEndpointCustomizer)
Configures the Authorization Server's Token Endpoint.- Parameters:
tokenEndpointCustomizer
- theCustomizer
to provide more options for theOAuth2LoginConfigurer.TokenEndpointConfig
- Returns:
- the
OAuth2LoginConfigurer
for further customizations - Throws:
java.lang.Exception
-
redirectionEndpoint
public OAuth2LoginConfigurer.RedirectionEndpointConfig redirectionEndpoint()
Returns theOAuth2LoginConfigurer.RedirectionEndpointConfig
for configuring the Client's Redirection Endpoint.- Returns:
- the
OAuth2LoginConfigurer.RedirectionEndpointConfig
-
redirectionEndpoint
public OAuth2LoginConfigurer<B> redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig> redirectionEndpointCustomizer)
Configures the Client's Redirection Endpoint.- Parameters:
redirectionEndpointCustomizer
- theCustomizer
to provide more options for theOAuth2LoginConfigurer.RedirectionEndpointConfig
- Returns:
- the
OAuth2LoginConfigurer
for further customizations
-
userInfoEndpoint
public OAuth2LoginConfigurer.UserInfoEndpointConfig userInfoEndpoint()
Returns theOAuth2LoginConfigurer.UserInfoEndpointConfig
for configuring the Authorization Server's UserInfo Endpoint.- Returns:
- the
OAuth2LoginConfigurer.UserInfoEndpointConfig
-
userInfoEndpoint
public OAuth2LoginConfigurer<B> userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig> userInfoEndpointCustomizer)
Configures the Authorization Server's UserInfo Endpoint.- Parameters:
userInfoEndpointCustomizer
- theCustomizer
to provide more options for theOAuth2LoginConfigurer.UserInfoEndpointConfig
- Returns:
- the
OAuth2LoginConfigurer
for further customizations
-
init
public void init(B http) throws java.lang.Exception
Description copied from interface:SecurityConfigurer
Initialize theSecurityBuilder
. Here only shared state should be created and modified, but not properties on theSecurityBuilder
used for building the object. This ensures that theSecurityConfigurer.configure(SecurityBuilder)
method uses the correct shared objects when building. Configurers should be applied here.- Specified by:
init
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
- Overrides:
init
in classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,OAuth2LoginAuthenticationFilter>
- Throws:
java.lang.Exception
-
configure
public void configure(B http) throws java.lang.Exception
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>
- Overrides:
configure
in classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,OAuth2LoginAuthenticationFilter>
- Throws:
java.lang.Exception
-
createLoginProcessingUrlMatcher
protected RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)
Description copied from class:AbstractAuthenticationFilterConfigurer
Create theRequestMatcher
given a loginProcessingUrl- Specified by:
createLoginProcessingUrlMatcher
in classAbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,OAuth2LoginAuthenticationFilter>
- Parameters:
loginProcessingUrl
- creates theRequestMatcher
based upon the loginProcessingUrl- Returns:
- the
RequestMatcher
to use based upon the loginProcessingUrl
-
-