Class AuthenticationManagerBuilder
- All Implemented Interfaces:
ProviderManagerBuilder<AuthenticationManagerBuilder>
,SecurityBuilder<AuthenticationManager>
SecurityBuilder
used to create an AuthenticationManager
. Allows for
easily building in memory authentication, LDAP authentication, JDBC based
authentication, adding UserDetailsService
, and adding
AuthenticationProvider
's.- Since:
- 3.2
-
Constructor Summary
ConstructorDescriptionAuthenticationManagerBuilder
(ObjectPostProcessor<Object> objectPostProcessor) Creates a new instance -
Method Summary
Modifier and TypeMethodDescriptionauthenticationEventPublisher
(AuthenticationEventPublisher eventPublisher) Sets theAuthenticationEventPublisher
authenticationProvider
(AuthenticationProvider authenticationProvider) Add authentication based upon the customAuthenticationProvider
that is passed in.eraseCredentials
(boolean eraseCredentials) Gets the defaultUserDetailsService
for theAuthenticationManagerBuilder
.Add in memory authentication to theAuthenticationManagerBuilder
and return aInMemoryUserDetailsManagerConfigurer
to allow customization of the in memory authentication.boolean
Determines if theAuthenticationManagerBuilder
is configured to build a non nullAuthenticationManager
.Add JDBC authentication to theAuthenticationManagerBuilder
and return aJdbcUserDetailsManagerConfigurer
to allow customization of the JDBC authentication.Add LDAP authentication to theAuthenticationManagerBuilder
and return aLdapAuthenticationProviderConfigurer
to allow customization of the LDAP authentication.parentAuthenticationManager
(AuthenticationManager authenticationManager) Allows providing a parentAuthenticationManager
that will be tried if thisAuthenticationManager
was unable to attempt to authenticate the providedAuthentication
.protected ProviderManager
Subclasses must implement this method to build the object that is being returned.userDetailsService
(T userDetailsService) Add authentication based upon the customUserDetailsService
that is passed in.Methods inherited from class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
apply, beforeConfigure, beforeInit, doBuild, getConfigurer, getConfigurers, getOrBuild, getSharedObject, getSharedObjects, objectPostProcessor, postProcess, removeConfigurer, removeConfigurers, setSharedObject
Methods inherited from class org.springframework.security.config.annotation.AbstractSecurityBuilder
build, getObject
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.config.annotation.SecurityBuilder
build
-
Constructor Details
-
AuthenticationManagerBuilder
Creates a new instance- Parameters:
objectPostProcessor
- theObjectPostProcessor
instance to use.
-
-
Method Details
-
parentAuthenticationManager
public AuthenticationManagerBuilder parentAuthenticationManager(AuthenticationManager authenticationManager) Allows providing a parentAuthenticationManager
that will be tried if thisAuthenticationManager
was unable to attempt to authenticate the providedAuthentication
.- Parameters:
authenticationManager
- theAuthenticationManager
that should be used if the currentAuthenticationManager
was unable to attempt to authenticate the providedAuthentication
.- Returns:
- the
AuthenticationManagerBuilder
for further adding types of authentication
-
authenticationEventPublisher
public AuthenticationManagerBuilder authenticationEventPublisher(AuthenticationEventPublisher eventPublisher) Sets theAuthenticationEventPublisher
- Parameters:
eventPublisher
- theAuthenticationEventPublisher
to use- Returns:
- the
AuthenticationManagerBuilder
for further customizations
-
eraseCredentials
- Parameters:
eraseCredentials
- true ifAuthenticationManager
should clear the credentials from theAuthentication
object after authenticating- Returns:
- the
AuthenticationManagerBuilder
for further customizations
-
inMemoryAuthentication
public InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> inMemoryAuthentication() throws ExceptionAdd in memory authentication to theAuthenticationManagerBuilder
and return aInMemoryUserDetailsManagerConfigurer
to allow customization of the in memory authentication.This method also ensure that a
UserDetailsService
is available for thegetDefaultUserDetailsService()
method. Note that additionalUserDetailsService
's may override thisUserDetailsService
as the default.- Returns:
- a
InMemoryUserDetailsManagerConfigurer
to allow customization of the in memory authentication - Throws:
Exception
- if an error occurs when adding the in memory authentication
-
jdbcAuthentication
public JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> jdbcAuthentication() throws ExceptionAdd JDBC authentication to theAuthenticationManagerBuilder
and return aJdbcUserDetailsManagerConfigurer
to allow customization of the JDBC authentication.When using with a persistent data store, it is best to add users external of configuration using something like Flyway or Liquibase to create the schema and adding users to ensure these steps are only done once and that the optimal SQL is used.
This method also ensure that a
UserDetailsService
is available for thegetDefaultUserDetailsService()
method. Note that additionalUserDetailsService
's may override thisUserDetailsService
as the default. See the User Schema section of the reference for the default schema.- Returns:
- a
JdbcUserDetailsManagerConfigurer
to allow customization of the JDBC authentication - Throws:
Exception
- if an error occurs when adding the JDBC authentication
-
userDetailsService
public <T extends UserDetailsService> DaoAuthenticationConfigurer<AuthenticationManagerBuilder,T> userDetailsService(T userDetailsService) throws Exception Add authentication based upon the customUserDetailsService
that is passed in. It then returns aDaoAuthenticationConfigurer
to allow customization of the authentication.This method also ensure that the
UserDetailsService
is available for thegetDefaultUserDetailsService()
method. Note that additionalUserDetailsService
's may override thisUserDetailsService
as the default.- Returns:
- a
DaoAuthenticationConfigurer
to allow customization of the DAO authentication - Throws:
Exception
- if an error occurs when adding theUserDetailsService
based authentication
-
ldapAuthentication
public LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthentication() throws ExceptionAdd LDAP authentication to theAuthenticationManagerBuilder
and return aLdapAuthenticationProviderConfigurer
to allow customization of the LDAP authentication.This method does NOT ensure that a
UserDetailsService
is available for thegetDefaultUserDetailsService()
method.- Returns:
- a
LdapAuthenticationProviderConfigurer
to allow customization of the LDAP authentication - Throws:
Exception
- if an error occurs when adding the LDAP authentication
-
authenticationProvider
public AuthenticationManagerBuilder authenticationProvider(AuthenticationProvider authenticationProvider) Add authentication based upon the customAuthenticationProvider
that is passed in. Since theAuthenticationProvider
implementation is unknown, all customizations must be done externally and theAuthenticationManagerBuilder
is returned immediately.This method does NOT ensure that the
UserDetailsService
is available for thegetDefaultUserDetailsService()
method. Note that anException
might be thrown if an error occurs when adding theAuthenticationProvider
.- Specified by:
authenticationProvider
in interfaceProviderManagerBuilder<AuthenticationManagerBuilder>
- Returns:
- a
AuthenticationManagerBuilder
to allow further authentication to be provided to theAuthenticationManagerBuilder
-
performBuild
Description copied from class:AbstractConfiguredSecurityBuilder
Subclasses must implement this method to build the object that is being returned.- Specified by:
performBuild
in classAbstractConfiguredSecurityBuilder<AuthenticationManager,
AuthenticationManagerBuilder> - Returns:
- the Object to be buit or null if the implementation allows it
- Throws:
Exception
-
isConfigured
public boolean isConfigured()Determines if theAuthenticationManagerBuilder
is configured to build a non nullAuthenticationManager
. This means that either a non-null parent is specified or at least oneAuthenticationProvider
has been specified.When using
SecurityConfigurer
instances, theAuthenticationManagerBuilder
will not be configured until theSecurityConfigurer.configure(SecurityBuilder)
methods. This means aSecurityConfigurer
that is last could check this method and provide a default configuration in theSecurityConfigurer.configure(SecurityBuilder)
method.- Returns:
- true, if
AuthenticationManagerBuilder
is configured, otherwise false
-
getDefaultUserDetailsService
Gets the defaultUserDetailsService
for theAuthenticationManagerBuilder
. The result may be null in some circumstances.- Returns:
- the default
UserDetailsService
for theAuthenticationManagerBuilder
-