Package org.springframework.security.config.annotation.web.configurers

Class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,​T extends AbstractAuthenticationFilterConfigurer<B,​T,​F>,​F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter>

    • Constructor Detail

      • AbstractAuthenticationFilterConfigurer

        protected AbstractAuthenticationFilterConfigurer()
        Creates a new instance with minimal defaults

      • AbstractAuthenticationFilterConfigurer

        protected AbstractAuthenticationFilterConfigurer​(F authenticationFilter,
                                                 java.lang.String defaultLoginProcessingUrl)
        Creates a new instance
        Parameters:
        authenticationFilter - the AbstractAuthenticationProcessingFilter to use
        defaultLoginProcessingUrl - the default URL to use for loginProcessingUrl(String)

    • Method Detail

      • defaultSuccessUrl

        public final T defaultSuccessUrl​(java.lang.String defaultSuccessUrl)
        Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating. This is a shortcut for calling defaultSuccessUrl(String, boolean).
        Parameters:
        defaultSuccessUrl - the default success url
        Returns:
        the FormLoginConfigurer for additional customization

      • defaultSuccessUrl

        public final T defaultSuccessUrl​(java.lang.String defaultSuccessUrl,
                                 boolean alwaysUse)
        Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true. This is a shortcut for calling successHandler(AuthenticationSuccessHandler).
        Parameters:
        defaultSuccessUrl - the default success url
        alwaysUse - true if the defaultSuccesUrl should be used after authentication despite if a protected page had been previously visited
        Returns:
        the FormLoginConfigurer for additional customization

      • loginProcessingUrl

        public T loginProcessingUrl​(java.lang.String loginProcessingUrl)
        Specifies the URL to validate the credentials.
        Parameters:
        loginProcessingUrl - the URL to validate username and password
        Returns:
        the FormLoginConfigurer for additional customization

      • securityContextRepository

        public T securityContextRepository​(org.springframework.security.web.context.SecurityContextRepository securityContextRepository)

      • createLoginProcessingUrlMatcher

        protected abstract org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher​(java.lang.String loginProcessingUrl)
        Create the RequestMatcher given a loginProcessingUrl
        Parameters:
        loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl
        Returns:
        the RequestMatcher to use based upon the loginProcessingUrl

      • authenticationDetailsSource

        public final T authenticationDetailsSource​(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,​?> authenticationDetailsSource)
        Specifies a custom AuthenticationDetailsSource. The default is WebAuthenticationDetailsSource.
        Parameters:
        authenticationDetailsSource - the custom AuthenticationDetailsSource
        Returns:
        the FormLoginConfigurer for additional customization

      • successHandler

        public final T successHandler​(org.springframework.security.web.authentication.AuthenticationSuccessHandler successHandler)
        Specifies the AuthenticationSuccessHandler to be used. The default is SavedRequestAwareAuthenticationSuccessHandler with no additional properties set.
        Parameters:
        successHandler - the AuthenticationSuccessHandler.
        Returns:
        the FormLoginConfigurer for additional customization

      • permitAll

        public final T permitAll()
        Equivalent of invoking permitAll(true)
        Returns:
        the FormLoginConfigurer for additional customization

      • failureUrl

        public final T failureUrl​(java.lang.String authenticationFailureUrl)
        The URL to send users if authentication fails. This is a shortcut for invoking failureHandler(AuthenticationFailureHandler). The default is "/login?error".
        Parameters:
        authenticationFailureUrl - the URL to send users if authentication fails (i.e. "/login?error").
        Returns:
        the FormLoginConfigurer for additional customization

      • failureHandler

        public final T failureHandler​(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
        Specifies the AuthenticationFailureHandler to use when authentication fails. The default is redirecting to "/login?error" using SimpleUrlAuthenticationFailureHandler
        Parameters:
        authenticationFailureHandler - the AuthenticationFailureHandler to use when authentication fails.
        Returns:
        the FormLoginConfigurer for additional customization

      • registerDefaultAuthenticationEntryPoint

        protected final void registerDefaultAuthenticationEntryPoint​(B http)

      • registerAuthenticationEntryPoint

        protected final void registerAuthenticationEntryPoint​(B http,
                                                      org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)

      • getAuthenticationEntryPointMatcher

        protected final org.springframework.security.web.util.matcher.RequestMatcher getAuthenticationEntryPointMatcher​(B http)

      • loginPage

        protected T loginPage​(java.lang.String loginPage)

        Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.

        If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL to generate a login page.

      • isCustomLoginPage

        public final boolean isCustomLoginPage()
        Returns:
        true if a custom login page has been specified, else false

      • getAuthenticationFilter

        protected final F getAuthenticationFilter()
        Gets the Authentication Filter
        Returns:
        the Authentication Filter

      • setAuthenticationFilter

        protected final void setAuthenticationFilter​(F authFilter)
        Sets the Authentication Filter
        Parameters:
        authFilter - the Authentication Filter

      • getLoginPage

        protected final java.lang.String getLoginPage()
        Gets the login page
        Returns:
        the login page

      • getAuthenticationEntryPoint

        protected final org.springframework.security.web.AuthenticationEntryPoint getAuthenticationEntryPoint()
        Gets the Authentication Entry Point
        Returns:
        the Authentication Entry Point

      • getLoginProcessingUrl

        protected final java.lang.String getLoginProcessingUrl()
        Gets the URL to submit an authentication request to (i.e. where username/password must be submitted)
        Returns:
        the URL to submit an authentication request to

      • getFailureUrl

        protected final java.lang.String getFailureUrl()
        Gets the URL to send users to if authentication fails
        Returns:
        the URL to send users if authentication fails (e.g. "/login?error").

      • updateAuthenticationDefaults

        protected final void updateAuthenticationDefaults()
        Updates the default values for authentication.
        Throws:
        java.lang.Exception

      • updateAccessDefaults

        protected final void updateAccessDefaults​(B http)
        Updates the default values for access.