Package org.springframework.security.config.web.server

Class ServerHttpSecurity.FormLoginSpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Enclosing class:

ServerHttpSecurity

public final class ServerHttpSecurity.FormLoginSpec
extends Object

Configures Form Based authentication

Since:

5.0

See Also:

• ServerHttpSecurity.formLogin()

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity	and()	Allows method chaining to continue configuring the ServerHttpSecurity
ServerHttpSecurity.FormLoginSpec	authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint)	How to request for authentication.
ServerHttpSecurity.FormLoginSpec	authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)	Configures how a failed authentication is handled.
ServerHttpSecurity.FormLoginSpec	authenticationManager(ReactiveAuthenticationManager authenticationManager)	The ReactiveAuthenticationManager used to authenticate.
ServerHttpSecurity.FormLoginSpec	authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)	The ServerAuthenticationSuccessHandler used after authentication success.
protected void	configure(ServerHttpSecurity http)
ServerHttpSecurity	disable()	Disables HTTP Basic authentication.
ServerHttpSecurity.FormLoginSpec	loginPage(String loginPage)	Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.
ServerHttpSecurity.FormLoginSpec	requiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)	Configures when authentication is performed.
ServerHttpSecurity.FormLoginSpec	securityContextRepository(ServerSecurityContextRepository securityContextRepository)	The ServerSecurityContextRepository used to save the Authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

authenticationManager

public ServerHttpSecurity.FormLoginSpec authenticationManager(ReactiveAuthenticationManager authenticationManager)

The ReactiveAuthenticationManager used to authenticate. Defaults to ServerHttpSecurity.authenticationManager(ReactiveAuthenticationManager).

Parameters:

authenticationManager - the authentication manager to use

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

authenticationSuccessHandler

public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler authenticationSuccessHandler)

The ServerAuthenticationSuccessHandler used after authentication success. Defaults to RedirectServerAuthenticationSuccessHandler.

Parameters:

authenticationSuccessHandler - the success handler to use

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

loginPage

public ServerHttpSecurity.FormLoginSpec loginPage(String loginPage)

Configures the log in page to redirect to, the authentication failure page, and when authentication is performed. The default is that Spring Security will generate a log in page at "/login" and a log out page at "/logout". If this is customized:

• The default log in & log out page are no longer provided
• The application must render a log in page at the provided URL
• The application must render an authentication error page at the provided URL + "?error"
• Authentication will occur for POST to the provided URL

Parameters:

loginPage - the url to redirect to which provides a form to log in (i.e. "/login")

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

See Also:

• authenticationEntryPoint(ServerAuthenticationEntryPoint)
• requiresAuthenticationMatcher(ServerWebExchangeMatcher)
• authenticationFailureHandler(ServerAuthenticationFailureHandler)

authenticationEntryPoint

public ServerHttpSecurity.FormLoginSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint)

How to request for authentication. The default is that Spring Security will generate a log in page at "/login".

Parameters:

authenticationEntryPoint - the entry point to use

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

See Also:

• loginPage(String)

requiresAuthenticationMatcher

public ServerHttpSecurity.FormLoginSpec requiresAuthenticationMatcher(ServerWebExchangeMatcher requiresAuthenticationMatcher)

Configures when authentication is performed. The default is a POST to "/login".

Parameters:

requiresAuthenticationMatcher - the matcher to use

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

See Also:

• loginPage(String)

authenticationFailureHandler

public ServerHttpSecurity.FormLoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler authenticationFailureHandler)

Configures how a failed authentication is handled. The default is to redirect to "/login?error".

Parameters:

authenticationFailureHandler - the handler to use

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

See Also:

• loginPage(String)

securityContextRepository

public ServerHttpSecurity.FormLoginSpec securityContextRepository(ServerSecurityContextRepository securityContextRepository)

The ServerSecurityContextRepository used to save the Authentication. Defaults to WebSessionServerSecurityContextRepository. For the SecurityContext to be loaded on subsequent requests the ReactorContextWebFilter must be configured to be able to load the value (they are not implicitly linked).

Parameters:

securityContextRepository - the repository to use

Returns:

the ServerHttpSecurity.FormLoginSpec to continue configuring

and

public ServerHttpSecurity and()

Allows method chaining to continue configuring the ServerHttpSecurity

Returns:

the ServerHttpSecurity to continue configuring

disable

public ServerHttpSecurity disable()

Disables HTTP Basic authentication.

Returns:

the ServerHttpSecurity to continue configuring

configure

protected void configure(ServerHttpSecurity http)