Package org.springframework.security.config.annotation.web.configurers.ott

Class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>

org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<H,OneTimeTokenLoginConfigurer<H>,OneTimeTokenAuthenticationFilter>

org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer<H>

All Implemented Interfaces:

SecurityConfigurer<DefaultSecurityFilterChain,H>

public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractAuthenticationFilterConfigurer<H,OneTimeTokenLoginConfigurer<H>,OneTimeTokenAuthenticationFilter>

An AbstractHttpConfigurer for One-Time Token Login.

One-Time Token Login provides an application with the capability to have users log in by obtaining a single-use token out of band, for example through email.

Defaults are provided for all configuration options, with the only required configuration being tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler). Alternatively, a OneTimeTokenGenerationSuccessHandler @Bean may be registered instead.

Security Filters

The following Filters are populated:

• DefaultOneTimeTokenSubmitPageGeneratingFilter
• GenerateOneTimeTokenFilter
• OneTimeTokenAuthenticationFilter

Shared Objects Used

The following shared objects are used:

• DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available

Since:

6.4

See Also:

• HttpSecurity.oneTimeTokenLogin(Customizer)
• DefaultOneTimeTokenSubmitPageGeneratingFilter
• GenerateOneTimeTokenFilter
• OneTimeTokenAuthenticationFilter
• AbstractAuthenticationFilterConfigurer

Constructor Summary

Constructors

Constructor	Description
OneTimeTokenLoginConfigurer(org.springframework.context.ApplicationContext context)

Method Summary

Modifier and Type	Method	Description
OneTimeTokenLoginConfigurer<H>	authenticationConverter(AuthenticationConverter authenticationConverter)	Use this AuthenticationConverter when converting incoming requests to an Authentication.
OneTimeTokenLoginConfigurer<H>	authenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)	Deprecated. Use AbstractAuthenticationFilterConfigurer.failureHandler(AuthenticationFailureHandler) instead
OneTimeTokenLoginConfigurer<H>	authenticationProvider(AuthenticationProvider authenticationProvider)	Specifies the AuthenticationProvider to use when authenticating the user.
OneTimeTokenLoginConfigurer<H>	authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)	Deprecated. Use AbstractAuthenticationFilterConfigurer.successHandler(AuthenticationSuccessHandler) instead
void	configure(H http)	Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
protected RequestMatcher	createLoginProcessingUrlMatcher(String loginProcessingUrl)	Create the RequestMatcher given a loginProcessingUrl
OneTimeTokenLoginConfigurer<H>	defaultSubmitPageUrl(String submitPageUrl)	Sets the URL that the default submit page will be generated.
OneTimeTokenLoginConfigurer<H>	generateRequestResolver(GenerateOneTimeTokenRequestResolver requestResolver)	Use this GenerateOneTimeTokenRequestResolver when resolving GenerateOneTimeTokenRequest from HttpServletRequest.
org.springframework.context.ApplicationContext	getContext()	Deprecated. Use this.context instead
void	init(H http)	Initialize the SecurityBuilder.
OneTimeTokenLoginConfigurer<H>	loginPage(String loginPage)	Specifies the URL to send users to if login is required.
OneTimeTokenLoginConfigurer<H>	loginProcessingUrl(String loginProcessingUrl)	Specifies the URL to process the login request, defaults to /login/ott.
OneTimeTokenLoginConfigurer<H>	showDefaultSubmitPage(boolean show)	Configures whether the default one-time token submit page should be shown.
OneTimeTokenLoginConfigurer<H>	tokenGeneratingUrl(String tokenGeneratingUrl)	Specifies the URL that a One-Time Token generate request will be processed.
OneTimeTokenLoginConfigurer<H>	tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler)	Specifies strategy to be used to handle generated one-time tokens.
OneTimeTokenLoginConfigurer<H>	tokenService(OneTimeTokenService oneTimeTokenService)	Configures the OneTimeTokenService used to generate and consume OneTimeToken

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, securityContextRepository, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getSecurityContextHolderStrategy, withObjectPostProcessor, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OneTimeTokenLoginConfigurer

public OneTimeTokenLoginConfigurer(org.springframework.context.ApplicationContext context)

Method Details

init

public void init(H http)
          throws Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Specified by:

init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>,OneTimeTokenAuthenticationFilter>

Throws:

Exception

configure

public void configure(H http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>,OneTimeTokenAuthenticationFilter>

Throws:

Exception

createLoginProcessingUrlMatcher

protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

Specified by:

createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>,OneTimeTokenAuthenticationFilter>

Parameters:

loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl

Returns:

the RequestMatcher to use based upon the loginProcessingUrl

authenticationProvider

public OneTimeTokenLoginConfigurer<H> authenticationProvider(AuthenticationProvider authenticationProvider)

Specifies the AuthenticationProvider to use when authenticating the user.

Parameters:

authenticationProvider -

tokenGeneratingUrl

public OneTimeTokenLoginConfigurer<H> tokenGeneratingUrl(String tokenGeneratingUrl)

Specifies the URL that a One-Time Token generate request will be processed. Defaults to /ott/generate.

Parameters:

tokenGeneratingUrl -

tokenGenerationSuccessHandler

public OneTimeTokenLoginConfigurer<H> tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler)

Specifies strategy to be used to handle generated one-time tokens.

Parameters:

oneTimeTokenGenerationSuccessHandler -

loginProcessingUrl

public OneTimeTokenLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)

Specifies the URL to process the login request, defaults to /login/ott. Only POST requests are processed, for that reason make sure that you pass a valid CSRF token if CSRF protection is enabled.

Overrides:

loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>,OneTimeTokenAuthenticationFilter>

Parameters:

loginProcessingUrl -

Returns:

the FormLoginConfigurer for additional customization

See Also:

• HttpSecurity.csrf(Customizer)

loginPage

public OneTimeTokenLoginConfigurer<H> loginPage(String loginPage)

Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.

Overrides:

loginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>,OneTimeTokenAuthenticationFilter>

Parameters:

loginPage -

showDefaultSubmitPage

public OneTimeTokenLoginConfigurer<H> showDefaultSubmitPage(boolean show)

Configures whether the default one-time token submit page should be shown. This will prevent the DefaultOneTimeTokenSubmitPageGeneratingFilter to be configured.

Parameters:

show -

defaultSubmitPageUrl

public OneTimeTokenLoginConfigurer<H> defaultSubmitPageUrl(String submitPageUrl)

Sets the URL that the default submit page will be generated. Defaults to /login/ott. If you don't want to generate the default submit page you should use showDefaultSubmitPage(boolean). Note that this method always invoke showDefaultSubmitPage(boolean) passing true.

Parameters:

submitPageUrl -

tokenService

public OneTimeTokenLoginConfigurer<H> tokenService(OneTimeTokenService oneTimeTokenService)

Configures the OneTimeTokenService used to generate and consume OneTimeToken

Parameters:

oneTimeTokenService -

authenticationConverter

public OneTimeTokenLoginConfigurer<H> authenticationConverter(AuthenticationConverter authenticationConverter)

Use this AuthenticationConverter when converting incoming requests to an Authentication. By default, the OneTimeTokenAuthenticationConverter is used.

Parameters:

authenticationConverter - the AuthenticationConverter to use

authenticationFailureHandler

@Deprecated(since="6.5")
public OneTimeTokenLoginConfigurer<H> authenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler)

Deprecated.

Use AbstractAuthenticationFilterConfigurer.failureHandler(AuthenticationFailureHandler) instead

Specifies the AuthenticationFailureHandler to use when authentication fails. The default is redirecting to "/login?error" using SimpleUrlAuthenticationFailureHandler

Parameters:

authenticationFailureHandler - the AuthenticationFailureHandler to use when authentication fails.

authenticationSuccessHandler

@Deprecated(since="6.5")
public OneTimeTokenLoginConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler)

Deprecated.

Use AbstractAuthenticationFilterConfigurer.successHandler(AuthenticationSuccessHandler) instead

Specifies the AuthenticationSuccessHandler to be used. The default is SavedRequestAwareAuthenticationSuccessHandler with no additional properties set.

Parameters:

authenticationSuccessHandler - the AuthenticationSuccessHandler.

generateRequestResolver

public OneTimeTokenLoginConfigurer<H> generateRequestResolver(GenerateOneTimeTokenRequestResolver requestResolver)

Use this GenerateOneTimeTokenRequestResolver when resolving GenerateOneTimeTokenRequest from HttpServletRequest. By default, the DefaultGenerateOneTimeTokenRequestResolver is used.

Parameters:

requestResolver - the GenerateOneTimeTokenRequestResolver

Since:

6.5

getContext

@Deprecated
public org.springframework.context.ApplicationContext getContext()

Deprecated.

Use this.context instead