Class JeeConfigurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<JeeConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.JeeConfigurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,
H>
public final class JeeConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<JeeConfigurer<H>,H>
Adds support for J2EE pre authentication.
Security Filters
The following Filters are populatedShared Objects Created
AuthenticationEntryPoint
is populated with anHttp403ForbiddenEntryPoint
- A
PreAuthenticatedAuthenticationProvider
is populated intoHttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
Shared Objects Used
The following shared objects are used:- Since:
- 3.2
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthenticatedUserDetailsService
(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticatedUserDetailsService) Specifies theAuthenticationUserDetailsService
that is used with thePreAuthenticatedAuthenticationProvider
.void
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.void
j2eePreAuthenticatedProcessingFilter
(J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter) Allows specifying theJ2eePreAuthenticatedProcessingFilter
to use.mappableAuthorities
(String... mappableRoles) Specifies roles to use map from theHttpServletRequest
to theUserDetails
.mappableAuthorities
(Set<String> mappableRoles) Specifies roles to use map from theHttpServletRequest
to theUserDetails
.mappableRoles
(String... mappableRoles) Specifies roles to use map from theHttpServletRequest
to theUserDetails
and automatically prefixes it with "ROLE_".Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
JeeConfigurer
public JeeConfigurer()Creates a new instance- See Also:
-
-
Method Details
-
mappableAuthorities
Specifies roles to use map from theHttpServletRequest
to theUserDetails
. IfHttpServletRequest.isUserInRole(String)
returns true, the role is added to theUserDetails
. This method is the equivalent of invokingmappableAuthorities(Set)
. Multiple invocations ofmappableAuthorities(String...)
will override previous invocations.There are no default roles that are mapped.
- Parameters:
mappableRoles
- the roles to attempt to map to theUserDetails
(i.e. "ROLE_USER", "ROLE_ADMIN", etc).- Returns:
- the
JeeConfigurer
for further customizations - See Also:
-
mappableRoles
Specifies roles to use map from theHttpServletRequest
to theUserDetails
and automatically prefixes it with "ROLE_". IfHttpServletRequest.isUserInRole(String)
returns true, the role is added to theUserDetails
. This method is the equivalent of invokingmappableAuthorities(Set)
. Multiple invocations ofmappableRoles(String...)
will override previous invocations.There are no default roles that are mapped.
- Parameters:
mappableRoles
- the roles to attempt to map to theUserDetails
(i.e. "USER", "ADMIN", etc).- Returns:
- the
JeeConfigurer
for further customizations - See Also:
-
mappableAuthorities
Specifies roles to use map from theHttpServletRequest
to theUserDetails
. IfHttpServletRequest.isUserInRole(String)
returns true, the role is added to theUserDetails
. This is the equivalent ofmappableRoles(String...)
. Multiple invocations ofmappableAuthorities(Set)
will override previous invocations.There are no default roles that are mapped.
- Parameters:
mappableRoles
- the roles to attempt to map to theUserDetails
.- Returns:
- the
JeeConfigurer
for further customizations - See Also:
-
authenticatedUserDetailsService
public JeeConfigurer<H> authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticatedUserDetailsService) Specifies theAuthenticationUserDetailsService
that is used with thePreAuthenticatedAuthenticationProvider
. The default is aPreAuthenticatedGrantedAuthoritiesUserDetailsService
.- Parameters:
authenticatedUserDetailsService
- theAuthenticationUserDetailsService
to use.- Returns:
- the
JeeConfigurer
for further configuration
-
j2eePreAuthenticatedProcessingFilter
public JeeConfigurer<H> j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter) Allows specifying theJ2eePreAuthenticatedProcessingFilter
to use. IfJ2eePreAuthenticatedProcessingFilter
is provided, all of its attributes must also be configured manually (i.e. all attributes populated in theJeeConfigurer
are not used).- Parameters:
j2eePreAuthenticatedProcessingFilter
- theJ2eePreAuthenticatedProcessingFilter
to use.- Returns:
- the
JeeConfigurer
for further configuration
-
init
Populates aPreAuthenticatedAuthenticationProvider
intoHttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
and aHttp403ForbiddenEntryPoint
intoHttpSecurityBuilder.setSharedObject(Class, Object)
- Specified by:
init
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Overrides:
init
in classSecurityConfigurerAdapter<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - See Also:
-
configure
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>> - Overrides:
configure
in classSecurityConfigurerAdapter<DefaultSecurityFilterChain,
H extends HttpSecurityBuilder<H>>
-