org.springframework.security.config.annotation.web.configurers.oauth2.client

Class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>

org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer<B>

All Implemented Interfaces:

SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B>

public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
extends AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth 2.0 Login provides an application with the capability to have users log in by using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.

Defaults are provided for all configuration options with the only required configuration being clientRegistrationRepository(ClientRegistrationRepository). Alternatively, a ClientRegistrationRepository @Bean may be registered instead.

Security Filters

The following Filter's are populated:

• OAuth2AuthorizationRequestRedirectFilter
• OAuth2LoginAuthenticationFilter

Shared Objects Created

The following shared objects are populated:

• ClientRegistrationRepository (required)
• OAuth2AuthorizedClientRepository (optional)
• GrantedAuthoritiesMapper (optional)

Shared Objects Used

The following shared objects are used:

• ClientRegistrationRepository
• OAuth2AuthorizedClientRepository
• GrantedAuthoritiesMapper
• DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, than a default login page will be made available

Since:

5.0

See Also:

HttpSecurity.oauth2Login(), OAuth2AuthorizationRequestRedirectFilter, OAuth2LoginAuthenticationFilter, ClientRegistrationRepository, OAuth2AuthorizedClientRepository, AbstractAuthenticationFilterConfigurer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	OAuth2LoginConfigurer.AuthorizationEndpointConfig Configuration options for the Authorization Server's Authorization Endpoint.
class	OAuth2LoginConfigurer.RedirectionEndpointConfig Configuration options for the Client's Redirection Endpoint.
class	OAuth2LoginConfigurer.TokenEndpointConfig Configuration options for the Authorization Server's Token Endpoint.
class	OAuth2LoginConfigurer.UserInfoEndpointConfig Configuration options for the Authorization Server's UserInfo Endpoint.

Constructor Summary

Constructors

Constructor and Description
OAuth2LoginConfigurer()

Method Summary

Modifier and Type	Method and Description
OAuth2LoginConfigurer.AuthorizationEndpointConfig	authorizationEndpoint() Returns the OAuth2LoginConfigurer.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.
OAuth2LoginConfigurer<B>	authorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository authorizedClientRepository) Sets the repository for authorized client(s).
OAuth2LoginConfigurer<B>	authorizedClientService(org.springframework.security.oauth2.client.OAuth2AuthorizedClientService authorizedClientService) Sets the service for authorized client(s).
OAuth2LoginConfigurer<B>	clientRegistrationRepository(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository) Sets the repository of client registrations.
void	configure(B http) Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
protected org.springframework.security.web.util.matcher.RequestMatcher	createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl) Create the RequestMatcher given a loginProcessingUrl
void	init(B http) Initialize the SecurityBuilder.
OAuth2LoginConfigurer<B>	loginPage(java.lang.String loginPage) Specifies the URL to send users to if login is required.
OAuth2LoginConfigurer<B>	loginProcessingUrl(java.lang.String loginProcessingUrl) Specifies the URL to validate the credentials.
OAuth2LoginConfigurer.RedirectionEndpointConfig	redirectionEndpoint() Returns the OAuth2LoginConfigurer.RedirectionEndpointConfig for configuring the Client's Redirection Endpoint.
OAuth2LoginConfigurer.TokenEndpointConfig	tokenEndpoint() Returns the OAuth2LoginConfigurer.TokenEndpointConfig for configuring the Authorization Server's Token Endpoint.
OAuth2LoginConfigurer.UserInfoEndpointConfig	userInfoEndpoint() Returns the OAuth2LoginConfigurer.UserInfoEndpointConfig for configuring the Authorization Server's UserInfo Endpoint.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuth2LoginConfigurer

public OAuth2LoginConfigurer()

Method Detail

clientRegistrationRepository

public OAuth2LoginConfigurer<B> clientRegistrationRepository(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)

Sets the repository of client registrations.

Parameters:

clientRegistrationRepository - the repository of client registrations

Returns:

the OAuth2LoginConfigurer for further configuration

authorizedClientRepository

public OAuth2LoginConfigurer<B> authorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository authorizedClientRepository)

Sets the repository for authorized client(s).

Parameters:

authorizedClientRepository - the authorized client repository

Returns:

the OAuth2LoginConfigurer for further configuration

Since:

5.1

authorizedClientService

public OAuth2LoginConfigurer<B> authorizedClientService(org.springframework.security.oauth2.client.OAuth2AuthorizedClientService authorizedClientService)

Sets the service for authorized client(s).

Parameters:

authorizedClientService - the authorized client service

Returns:

the OAuth2LoginConfigurer for further configuration

loginPage

public OAuth2LoginConfigurer<B> loginPage(java.lang.String loginPage)

Description copied from class: AbstractAuthenticationFilterConfigurer

Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjuction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page.

Overrides:

loginPage in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

loginProcessingUrl

public OAuth2LoginConfigurer<B> loginProcessingUrl(java.lang.String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Specifies the URL to validate the credentials.

Overrides:

loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Parameters:

loginProcessingUrl - the URL to validate username and password

Returns:

the FormLoginConfigurer for additional customization

authorizationEndpoint

public OAuth2LoginConfigurer.AuthorizationEndpointConfig authorizationEndpoint()

Returns the OAuth2LoginConfigurer.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.

Returns:

the OAuth2LoginConfigurer.AuthorizationEndpointConfig

tokenEndpoint

public OAuth2LoginConfigurer.TokenEndpointConfig tokenEndpoint()

Returns the OAuth2LoginConfigurer.TokenEndpointConfig for configuring the Authorization Server's Token Endpoint.

Returns:

the OAuth2LoginConfigurer.TokenEndpointConfig

redirectionEndpoint

public OAuth2LoginConfigurer.RedirectionEndpointConfig redirectionEndpoint()

Returns the OAuth2LoginConfigurer.RedirectionEndpointConfig for configuring the Client's Redirection Endpoint.

Returns:

the OAuth2LoginConfigurer.RedirectionEndpointConfig

userInfoEndpoint

public OAuth2LoginConfigurer.UserInfoEndpointConfig userInfoEndpoint()

Returns the OAuth2LoginConfigurer.UserInfoEndpointConfig for configuring the Authorization Server's UserInfo Endpoint.

Returns:

the OAuth2LoginConfigurer.UserInfoEndpointConfig

init

public void init(B http)
          throws java.lang.Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:

init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

Overrides:

init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Throws:

java.lang.Exception

configure

public void configure(B http)
               throws java.lang.Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

Overrides:

configure in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Throws:

java.lang.Exception

createLoginProcessingUrlMatcher

protected org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(java.lang.String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

Specified by:

createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Parameters:

loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl

Returns:

the RequestMatcher to use based upon the loginProcessingUrl