Class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>
org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,OAuth2LoginAuthenticationFilter>
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer<B>
All Implemented Interfaces: SecurityConfigurer<DefaultSecurityFilterChain,B>
public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
extends AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,OAuth2LoginAuthenticationFilter>
An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth 2.0 Login provides an application with the capability to have users log in by using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.
Defaults are provided for all configuration options with the only required configuration being clientRegistrationRepository(ClientRegistrationRepository). Alternatively, a ClientRegistrationRepository @Bean may be registered instead.
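The configuration described above, as an added example that is not part of the Spring Security Javadoc: a SecurityFilterChain that sets the one required option, clientRegistrationRepository(ClientRegistrationRepository), and uses the Customizer-based endpoint methods with their default base URIs made explicit. The class name, the "example-idp" registration id, the idp.example.com URIs, the client id and the EXAMPLE_IDP_CLIENT_SECRET environment variable are constructed placeholders.

```java
// Added example, not Spring Security's own code. Provider URIs, client id/secret
// and the "example-idp" registration id are constructed placeholders.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class OAuth2LoginExampleConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, ClientRegistrationRepository registrations) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .oauth2Login(oauth2 -> oauth2
                .clientRegistrationRepository(registrations)
                // Customizer overloads replace the no-arg variants deprecated since 6.1.
                .authorizationEndpoint(endpoint -> endpoint.baseUri("/oauth2/authorization"))
                .redirectionEndpoint(endpoint -> endpoint.baseUri("/login/oauth2/code/*")));
        return http.build();
    }

    @Bean
    ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration registration = ClientRegistration.withRegistrationId("example-idp")
            .clientId("constructed-client-id")
            // Keep the secret out of source control; read it from the environment.
            .clientSecret(System.getenv("EXAMPLE_IDP_CLIENT_SECRET"))
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope("openid", "profile")
            .authorizationUri("https://idp.example.com/oauth2/authorize")
            .tokenUri("https://idp.example.com/oauth2/token")
            .userInfoUri("https://idp.example.com/userinfo")
            .jwkSetUri("https://idp.example.com/oauth2/jwks")
            .userNameAttributeName("sub")
            .build();
        return new InMemoryClientRegistrationRepository(registration);
    }
}
```

The redirect URI registered at the provider has to match the expanded redirectUri template exactly, and it must fall under the redirection endpoint's base URI or the authorization response never reaches OAuth2LoginAuthenticationFilter.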
Security Filters
The following Filters are populated:
Shared Objects Created
The following shared objects are populated:
- ClientRegistrationRepository (required)
- OAuth2AuthorizedClientRepository (optional)
- GrantedAuthoritiesMapper (optional)
Shared Objects Used
The following shared objects are used:
- ClientRegistrationRepository
- OAuth2AuthorizedClientRepository
- GrantedAuthoritiesMapper
- DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available
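Nested Class Summary
Modifier and Type, Class, Description:
- final class OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig: Configuration options for the Authorization Server's Authorization Endpoint.
- final class OAuth2LoginConfigurer<B>.RedirectionEndpointConfig: Configuration options for the Client's Redirection Endpoint.
- final class OAuth2LoginConfigurer<B>.TokenEndpointConfig: Configuration options for the Authorization Server's Token Endpoint.
- final class OAuth2LoginConfigurer<B>.UserInfoEndpointConfig: Configuration options for the Authorization Server's UserInfo Endpoint.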
Constructor Summary
Method Summary
Modifier and Type, Method, Description:
- authorizationEndpoint(): Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- authorizationEndpoint(Customizer<OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig> authorizationEndpointCustomizer): Configures the Authorization Server's Authorization Endpoint.
- authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository): Sets the repository for authorized client(s).
- authorizedClientService(OAuth2AuthorizedClientService authorizedClientService): Sets the service for authorized client(s).
- clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository): Sets the repository of client registrations.
- void configure: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl): Create the RequestMatcher given a loginProcessingUrl
- void init: Initialize the SecurityBuilder.
- loginPage: Specifies the URL to send users to if login is required.
- loginProcessingUrl(String loginProcessingUrl): Specifies the URL to validate the credentials.
- redirectionEndpoint(): Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- redirectionEndpoint(Customizer<OAuth2LoginConfigurer<B>.RedirectionEndpointConfig> redirectionEndpointCustomizer): Configures the Client's Redirection Endpoint.
- tokenEndpoint(): Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- tokenEndpoint(Customizer<OAuth2LoginConfigurer<B>.TokenEndpointConfig> tokenEndpointCustomizer): Configures the Authorization Server's Token Endpoint.
- userInfoEndpoint(): Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
- userInfoEndpoint(Customizer<OAuth2LoginConfigurer<B>.UserInfoEndpointConfig> userInfoEndpointCustomizer): Configures the Authorization Server's UserInfo Endpoint.
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, securityContextRepository, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
Constructor Details
OAuth2LoginConfigurer
public OAuth2LoginConfigurer()
Method Details
clientRegistrationRepository
public OAuth2LoginConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository)
Sets the repository of client registrations.
Parameters: clientRegistrationRepository - the repository of client registrations
Returns: the OAuth2LoginConfigurer for further configuration
authorizedClientRepository
public OAuth2LoginConfigurer<B> authorizedClientRepository(OAuth2AuthorizedClientRepository authorizedClientRepository)
Sets the repository for authorized client(s).
Parameters: authorizedClientRepository - the authorized client repository
Returns: the OAuth2LoginConfigurer for further configuration
Since: 5.1
authorizedClientService
public OAuth2LoginConfigurer<B> authorizedClientService(OAuth2AuthorizedClientService authorizedClientService)
Sets the service for authorized client(s).
Parameters: authorizedClientService - the authorized client service
Returns: the OAuth2LoginConfigurer for further configuration
loginPage
Description copied from class: AbstractAuthenticationFilterConfigurer
Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.
If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL to generate a login page.
Overrides: loginPage in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>, OAuth2LoginAuthenticationFilter>
loginProcessingUrl
Description copied from class: AbstractAuthenticationFilterConfigurer
Specifies the URL to validate the credentials.
Overrides: loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>, OAuth2LoginAuthenticationFilter>
Parameters: loginProcessingUrl - the URL to validate username and password
Returns: the FormLoginConfigurer for additional customization
authorizationEndpoint
@Deprecated(since="6.1", forRemoval=true) public OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig authorizationEndpoint()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use authorizationEndpoint(Customizer) instead
Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.
Returns: the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig
authorizationEndpoint
public OAuth2LoginConfigurer<B> authorizationEndpoint(Customizer<OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig> authorizationEndpointCustomizer)
Configures the Authorization Server's Authorization Endpoint.
Parameters: authorizationEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig
Returns: the OAuth2LoginConfigurer for further customizations
tokenEndpoint
@Deprecated(since="6.1", forRemoval=true) public OAuth2LoginConfigurer<B>.TokenEndpointConfig tokenEndpoint()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.TokenEndpointConfig for configuring the Authorization Server's Token Endpoint.
Returns: the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.TokenEndpointConfig
tokenEndpoint
public OAuth2LoginConfigurer<B> tokenEndpoint(Customizer<OAuth2LoginConfigurer<B>.TokenEndpointConfig> tokenEndpointCustomizer)
Configures the Authorization Server's Token Endpoint.
Parameters: tokenEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.TokenEndpointConfig
Returns: the OAuth2LoginConfigurer for further customizations
Throws: Exception
redirectionEndpoint
@Deprecated(since="6.1", forRemoval=true) public OAuth2LoginConfigurer<B>.RedirectionEndpointConfig redirectionEndpoint()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use redirectionEndpoint(Customizer) instead
Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.RedirectionEndpointConfig for configuring the Client's Redirection Endpoint.
Returns: the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.RedirectionEndpointConfig
redirectionEndpoint
public OAuth2LoginConfigurer<B> redirectionEndpoint(Customizer<OAuth2LoginConfigurer<B>.RedirectionEndpointConfig> redirectionEndpointCustomizer)
Configures the Client's Redirection Endpoint.
Parameters: redirectionEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.RedirectionEndpointConfig
Returns: the OAuth2LoginConfigurer for further customizations
userInfoEndpoint
@Deprecated(since="6.1", forRemoval=true) public OAuth2LoginConfigurer<B>.UserInfoEndpointConfig userInfoEndpoint()
Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0. Use userInfoEndpoint(Customizer) or userInfoEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.UserInfoEndpointConfig for configuring the Authorization Server's UserInfo Endpoint.
Returns: the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.UserInfoEndpointConfig
userInfoEndpoint
public OAuth2LoginConfigurer<B> userInfoEndpoint(Customizer<OAuth2LoginConfigurer<B>.UserInfoEndpointConfig> userInfoEndpointCustomizer)
Configures the Authorization Server's UserInfo Endpoint.
Parameters: userInfoEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.UserInfoEndpointConfig
Returns: the OAuth2LoginConfigurer for further customizations
init
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
Specified by: init in interface SecurityConfigurer<DefaultSecurityFilterChain, B extends HttpSecurityBuilder<B>>
Overrides: init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>, OAuth2LoginAuthenticationFilter>
Throws: Exception
configure
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
Specified by: configure in interface SecurityConfigurer<DefaultSecurityFilterChain, B extends HttpSecurityBuilder<B>>
Overrides: configure in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>, OAuth2LoginAuthenticationFilter>
Throws: Exception
createLoginProcessingUrlMatcher
Description copied from class: AbstractAuthenticationFilterConfigurer
Create the RequestMatcher given a loginProcessingUrl
Specified by: createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>, OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>, OAuth2LoginAuthenticationFilter>
Parameters: loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
Returns: the RequestMatcher to use based upon the loginProcessingUrl