Package org.springframework.security.config.web.server

Class ServerHttpSecurity.OAuth2LoginSpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Enclosing class:

ServerHttpSecurity

public final class ServerHttpSecurity.OAuth2LoginSpec
extends Object

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity	and()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
ServerHttpSecurity.OAuth2LoginSpec	authenticationConverter(ServerAuthenticationConverter authenticationConverter)	Sets the converter to use
ServerHttpSecurity.OAuth2LoginSpec	authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)	The ServerAuthenticationFailureHandler used after authentication failure.
ServerHttpSecurity.OAuth2LoginSpec	authenticationManager(ReactiveAuthenticationManager authenticationManager)	Configures the ReactiveAuthenticationManager to use.
ServerHttpSecurity.OAuth2LoginSpec	authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher)	Sets the matcher used for determining if the request is an authentication request.
ServerHttpSecurity.OAuth2LoginSpec	authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>> handlersConsumer)	Allows customizing the list of ServerAuthenticationSuccessHandler.
ServerHttpSecurity.OAuth2LoginSpec	authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)	The ServerAuthenticationSuccessHandler used after authentication success.
ServerHttpSecurity.OAuth2LoginSpec	authorizationRedirectStrategy(ServerRedirectStrategy authorizationRedirectStrategy)	Sets the redirect strategy for Authorization Endpoint redirect URI.
ServerHttpSecurity.OAuth2LoginSpec	authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository)	Sets the repository to use for storing OAuth2AuthorizationRequest's.
ServerHttpSecurity.OAuth2LoginSpec	authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver)	Sets the resolver used for resolving OAuth2AuthorizationRequest's.
ServerHttpSecurity.OAuth2LoginSpec	authorizedClientRepository(ServerOAuth2AuthorizedClientRepository authorizedClientRepository)
ServerHttpSecurity.OAuth2LoginSpec	authorizedClientService(ReactiveOAuth2AuthorizedClientService authorizedClientService)
ServerHttpSecurity.OAuth2LoginSpec	clientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository)
protected void	configure(ServerHttpSecurity http)
ServerHttpSecurity.OAuth2LoginSpec	oidcSessionRegistry(ReactiveOidcSessionRegistry oidcSessionRegistry)	Configures the ReactiveOidcSessionRegistry to use when logins use OIDC.
ServerHttpSecurity.OAuth2LoginSpec	securityContextRepository(ServerSecurityContextRepository securityContextRepository)	The ServerSecurityContextRepository used to save the Authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

authenticationManager

public ServerHttpSecurity.OAuth2LoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager)

Configures the ReactiveAuthenticationManager to use. The default is OAuth2AuthorizationCodeReactiveAuthenticationManager

Parameters:

authenticationManager - the manager to use

Returns:

the ServerHttpSecurity.OAuth2LoginSpec to customize

securityContextRepository

public ServerHttpSecurity.OAuth2LoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository)

The ServerSecurityContextRepository used to save the Authentication. Defaults to WebSessionServerSecurityContextRepository.

Parameters:

securityContextRepository - the repository to use

Returns:

the ServerHttpSecurity.OAuth2LoginSpec to continue configuring

Since:

5.2

oidcSessionRegistry

public ServerHttpSecurity.OAuth2LoginSpec oidcSessionRegistry(ReactiveOidcSessionRegistry oidcSessionRegistry)

Configures the ReactiveOidcSessionRegistry to use when logins use OIDC. Default is to look the value up as a Bean, or else use an InMemoryReactiveOidcSessionRegistry.

Parameters:

oidcSessionRegistry - the registry to use

Returns:

the ServerHttpSecurity.OidcLogoutSpec to customize

Since:

6.2

authenticationSuccessHandler

public ServerHttpSecurity.OAuth2LoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)

The ServerAuthenticationSuccessHandler used after authentication success. Defaults to RedirectServerAuthenticationSuccessHandler redirecting to "/". Note that this method clears previously added success handlers via authenticationSuccessHandler(Consumer)

Parameters:

authenticationSuccessHandler - the success handler to use

Returns:

the ServerHttpSecurity.OAuth2LoginSpec to customize

Since:

5.2

authenticationSuccessHandler

public ServerHttpSecurity.OAuth2LoginSpec authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>> handlersConsumer)

Allows customizing the list of ServerAuthenticationSuccessHandler. The default list contains a RedirectServerAuthenticationSuccessHandler that redirects to "/".

Parameters:

handlersConsumer - the handlers consumer

Returns:

the ServerHttpSecurity.OAuth2LoginSpec to continue configuring

Since:

6.3

authenticationFailureHandler

public ServerHttpSecurity.OAuth2LoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)

The ServerAuthenticationFailureHandler used after authentication failure. Defaults to RedirectServerAuthenticationFailureHandler redirecting to "/login?error".

Parameters:

authenticationFailureHandler - the failure handler to use

Returns:

the ServerHttpSecurity.OAuth2LoginSpec to customize

Since:

5.2

authenticationConverter

public ServerHttpSecurity.OAuth2LoginSpec authenticationConverter(ServerAuthenticationConverter authenticationConverter)

Sets the converter to use

Parameters:

authenticationConverter - the converter to use

Returns:

the ServerHttpSecurity.OAuth2LoginSpec to customize

clientRegistrationRepository

public ServerHttpSecurity.OAuth2LoginSpec clientRegistrationRepository(ReactiveClientRegistrationRepository clientRegistrationRepository)

authorizedClientService

public ServerHttpSecurity.OAuth2LoginSpec authorizedClientService(ReactiveOAuth2AuthorizedClientService authorizedClientService)

authorizedClientRepository

public ServerHttpSecurity.OAuth2LoginSpec authorizedClientRepository(ServerOAuth2AuthorizedClientRepository authorizedClientRepository)

authorizationRequestRepository

public ServerHttpSecurity.OAuth2LoginSpec authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository)

Sets the repository to use for storing OAuth2AuthorizationRequest's.

Parameters:

authorizationRequestRepository - the repository to use for storing OAuth2AuthorizationRequest's

Returns:

the ServerHttpSecurity.OAuth2LoginSpec for further configuration

Since:

5.2

authorizationRequestResolver

public ServerHttpSecurity.OAuth2LoginSpec authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver)

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

Parameters:

authorizationRequestResolver - the resolver used for resolving OAuth2AuthorizationRequest's

Returns:

the ServerHttpSecurity.OAuth2LoginSpec for further configuration

Since:

5.2

authorizationRedirectStrategy

public ServerHttpSecurity.OAuth2LoginSpec authorizationRedirectStrategy(ServerRedirectStrategy authorizationRedirectStrategy)

Sets the redirect strategy for Authorization Endpoint redirect URI.

Parameters:

authorizationRedirectStrategy - the redirect strategy

Returns:

the ServerHttpSecurity.OAuth2LoginSpec for further configuration

authenticationMatcher

public ServerHttpSecurity.OAuth2LoginSpec authenticationMatcher(ServerWebExchangeMatcher authenticationMatcher)

Sets the matcher used for determining if the request is an authentication request.

Parameters:

authenticationMatcher - the matcher used for determining if the request is an authentication request

Returns:

the ServerHttpSecurity.OAuth2LoginSpec for further configuration

Since:

5.2

and

@Deprecated(since="6.1",
            forRemoval=true)
public ServerHttpSecurity and()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Allows method chaining to continue configuring the ServerHttpSecurity

Returns:

the ServerHttpSecurity to continue configuring

configure

protected void configure(ServerHttpSecurity http)