Class ServerHttpSecurity.FormLoginSpec
- java.lang.Object
-
- org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
- Enclosing class:
- ServerHttpSecurity
public final class ServerHttpSecurity.FormLoginSpec extends java.lang.Object
Configures Form Based authentication- Since:
- 5.0
- See Also:
ServerHttpSecurity.formLogin()
-
-
Method Summary
-
-
-
Method Detail
-
authenticationManager
public ServerHttpSecurity.FormLoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager)
TheReactiveAuthenticationManager
used to authenticate. Defaults toServerHttpSecurity.authenticationManager(ReactiveAuthenticationManager)
.- Parameters:
authenticationManager
- the authentication manager to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring
-
authenticationSuccessHandler
public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)
TheServerAuthenticationSuccessHandler
used after authentication success. Defaults toRedirectServerAuthenticationSuccessHandler
.- Parameters:
authenticationSuccessHandler
- the success handler to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring
-
loginPage
public ServerHttpSecurity.FormLoginSpec loginPage(java.lang.String loginPage)
Configures the log in page to redirect to, the authentication failure page, and when authentication is performed. The default is that Spring Security will generate a log in page at "/login" and a log out page at "/logout". If this is customized:- The default log in & log out page are no longer provided
- The application must render a log in page at the provided URL
- The application must render an authentication error page at the provided URL + "?error"
- Authentication will occur for POST to the provided URL
- Parameters:
loginPage
- the url to redirect to which provides a form to log in (i.e. "/login")- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
authenticationEntryPoint(ServerAuthenticationEntryPoint)
,requiresAuthenticationMatcher(ServerWebExchangeMatcher)
,authenticationFailureHandler(ServerAuthenticationFailureHandler)
-
authenticationEntryPoint
public ServerHttpSecurity.FormLoginSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint)
How to request for authentication. The default is that Spring Security will generate a log in page at "/login".- Parameters:
authenticationEntryPoint
- the entry point to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
loginPage(String)
-
requiresAuthenticationMatcher
public ServerHttpSecurity.FormLoginSpec requiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)
Configures when authentication is performed. The default is a POST to "/login".- Parameters:
requiresAuthenticationMatcher
- the matcher to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
loginPage(String)
-
authenticationFailureHandler
public ServerHttpSecurity.FormLoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)
Configures how a failed authentication is handled. The default is to redirect to "/login?error".- Parameters:
authenticationFailureHandler
- the handler to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring - See Also:
loginPage(String)
-
securityContextRepository
public ServerHttpSecurity.FormLoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository)
TheServerSecurityContextRepository
used to save theAuthentication
. Defaults toWebSessionServerSecurityContextRepository
. For theSecurityContext
to be loaded on subsequent requests theReactorContextWebFilter
must be configured to be able to load the value (they are not implicitly linked).- Parameters:
securityContextRepository
- the repository to use- Returns:
- the
ServerHttpSecurity.FormLoginSpec
to continue configuring
-
and
public ServerHttpSecurity and()
Allows method chaining to continue configuring theServerHttpSecurity
- Returns:
- the
ServerHttpSecurity
to continue configuring
-
disable
public ServerHttpSecurity disable()
Disables HTTP Basic authentication.- Returns:
- the
ServerHttpSecurity
to continue configuring
-
configure
protected void configure(ServerHttpSecurity http)
-
-