Class X509Configurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<X509Configurer<H>,H>
org.springframework.security.config.annotation.web.configurers.X509Configurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class X509Configurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<X509Configurer<H>,H>
Adds X509 based pre authentication to an application. Since validating the certificate
happens when the client connects, the requesting and validation of the client
certificate should be performed by the container. Spring Security will then use the
certificate to look up the Authentication for the user.
Security Filters
The following Filters are populated
Shared Objects Created
The following shared objects are created
- AuthenticationEntryPoint is populated with an Http403ForbiddenEntryPoint
- A PreAuthenticatedAuthenticationProvider is populated into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
Shared Objects Used
The following shared objects are used:
- A UserDetailsService shared object is used if no AuthenticationUserDetailsService is specified
- Since:
- 3.2
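A configuration sketch for the behaviour described above, added here as an example and not taken from Spring Security's own code. The class name, bean names and the two client CNs are hypothetical; it assumes the lambda-style `HttpSecurity.x509(...)` DSL and a container that already requests and validates the client certificate.

```java
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SecurityFilterChain;

// Added example, not Spring Security's own code. Class, bean and CN names are hypothetical.
@Configuration
@EnableWebSecurity
public class X509SecurityConfig {

    // Constructed allow-list: certificate CNs that map to an application account.
    private static final Set<String> KNOWN_CLIENTS = Set.of("billing-service", "report-service");

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Every request needs an Authentication; with no certificate-derived
            // principal the Http403ForbiddenEntryPoint answers with 403.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .x509(x509 -> x509
                // Regex quoted in the subjectPrincipalRegex documentation.
                .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
                // Wrapped in a UserDetailsByNameServiceWrapper by the configurer.
                .userDetailsService(clientCertUsers()));
        return http.build();
    }

    @Bean
    UserDetailsService clientCertUsers() {
        // A certificate that chains to a trusted CA is not enough on its own:
        // the extracted CN must also map to a known account.
        return cn -> {
            if (!KNOWN_CLIENTS.contains(cn)) {
                throw new UsernameNotFoundException("No account for certificate CN " + cn);
            }
            // Empty password: the TLS handshake already authenticated the client.
            return User.withUsername(cn).password("").authorities("ROLE_CLIENT").build();
        };
    }
}
```

The container still has to request the client certificate during the TLS handshake; on Spring Boot that is `server.ssl.client-auth=need` together with a trust store (a deployment assumption, not something this page states).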
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
- authenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource): Specifies the AuthenticationDetailsSource
- authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService): Specifies the AuthenticationUserDetailsService to use.
- void configure: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- void init: Initialize the SecurityBuilder.
- subjectPrincipalRegex(String subjectPrincipalRegex): Specifies the regex to extract the principal from the certificate.
- userDetailsService(UserDetailsService userDetailsService): Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
- x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter): Allows specifying the entire X509AuthenticationFilter.
- x509PrincipalExtractor(X509PrincipalExtractor x509PrincipalExtractor): Specifies the X509PrincipalExtractor
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
X509Configurer
public X509Configurer()
Creates a new instance
- See Also:
-
-
Method Details
-
x509AuthenticationFilter
public X509Configurer<H> x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter)
Allows specifying the entire X509AuthenticationFilter. If this is specified, the properties on X509Configurer will not be populated on the X509AuthenticationFilter.
- Parameters:
x509AuthenticationFilter - the X509AuthenticationFilter to use
- Returns:
- the X509Configurer for further customizations
-
x509PrincipalExtractor
Specifies the X509PrincipalExtractor
- Parameters:
x509PrincipalExtractor - the X509PrincipalExtractor to use
- Returns:
- the X509Configurer to use
-
authenticationDetailsSource
public X509Configurer<H> authenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource)
Specifies the AuthenticationDetailsSource
- Parameters:
authenticationDetailsSource - the AuthenticationDetailsSource to use
- Returns:
- the X509Configurer to use
-
userDetailsService
Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
- Parameters:
userDetailsService - the UserDetailsService to use
- Returns:
- the X509Configurer for further customizations
-
authenticationUserDetailsService
public X509Configurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService)
Specifies the AuthenticationUserDetailsService to use. If not specified, then the UserDetailsService bean will be used by default.
- Parameters:
authenticationUserDetailsService - the AuthenticationUserDetailsService to use
- Returns:
- the X509Configurer for further customizations
-
subjectPrincipalRegex
Specifies the regex to extract the principal from the certificate. If not specified, the default expression from SubjectDnX509PrincipalExtractor is used.
- Parameters:
subjectPrincipalRegex - the regex to extract the user principal from the certificate (i.e. "CN=(.*?)(?:,|$)").
- Returns:
- the X509Configurer for further customizations
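A check of what the documented expression captures from different subject DN strings, added here as an example and not part of Spring Security. The class name, the `principal` helper and the DN strings are constructed; it assumes the pattern is searched for in the DN string and the first capture group becomes the principal.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: exercises the regex from the subjectPrincipalRegex documentation
// with plain java.util.regex, so a custom expression can be reviewed before deployment.
public class SubjectRegexCheck {

    // Expression quoted in the parameter description above.
    static final Pattern SUBJECT_CN = Pattern.compile("CN=(.*?)(?:,|$)");

    // Assumption: search the DN and use capture group 1 as the principal.
    // An empty result means no principal can be derived and the request
    // must not be treated as authenticated.
    static Optional<String> principal(String subjectDn) {
        Matcher m = SUBJECT_CN.matcher(subjectDn);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed subject DNs covering the cases worth reviewing.
        String[] subjectDns = {
            // CN first, terminated by the comma before the next attribute.
            "CN=alice,OU=Engineering,O=Example Corp,C=US",
            // CN last, terminated by end of string (the "$" alternative).
            "O=Example Corp,CN=bob",
            // Escaped comma inside the CN value: the lazy group ends at the
            // first comma, escaped or not, because the regex is not a DN parser.
            "CN=Smith\\, John,O=Example Corp",
            // No CN attribute at all.
            "OU=Engineering,O=Example Corp",
        };
        for (String dn : subjectDns) {
            String shown = principal(dn).map(p -> "'" + p + "'").orElse("<no match>");
            System.out.printf("%-45s -> %s%n", dn, shown);
        }
    }
}
```

Where the issuing CA can put commas or other special characters in the CN, a custom X509PrincipalExtractor that parses the DN is the safer choice than a regex.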
-
init
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
- Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-
configure
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-