Class AuthorizationServerWebSecurityConfiguration
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
- com.broadleafcommerce.auth.user.autoconfigure.AuthorizationServerWebSecurityConfiguration
-
- All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>
@Configuration
@EnableConfigurationProperties({AuthorizationServerProperties.class, UserLoginProperties.class, VerifyRedirectCookieProperties.class, UserLockoutProperties.class, EmbeddedLoginProperties.class})
@AutoConfigureBefore(org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration.class)
public class AuthorizationServerWebSecurityConfiguration
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Set up the Spring Security configuration for our OAuth server.
- Author:
- Jeff Fischer, Samarth Dhruva (samarthd)
-
-
Constructor Summary
Constructors
Constructor | Description
AuthorizationServerWebSecurityConfiguration(org.springframework.security.web.savedrequest.RequestCache requestCache, AuthorizationServerProperties authorizationServerProps, StatelessUtil statelessUtil, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, AuthenticationLogoutHandler authenticationLogoutHandler, org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository, org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, FormLoginAuthenticationProvider formLoginAuthenticationProvider, OAuth2SessionAuthenticationProvider oAuth2SessionAuthenticationProvider, VerifyRedirectCookieFilter verifyRedirectCookieFilter, ClientIdFilter clientIdFilter, UserLockoutService userLockoutService, EmbeddedLoginProperties embeddedLoginProperties, Optional<EmbeddedLoginAuthenticationProvider> embeddedLoginAuthenticationProvider, Optional<EmbeddedLoginTokenAuthenticationProvider> embeddedLoginTokenAuthenticationProvider, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService, PasscodeService<PasswordToken,User> passcodeService, UserService<User> userService) |
-
Method Summary
-
Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
authenticationManager, authenticationManagerBean, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean
-
-
-
-
Constructor Detail
-
AuthorizationServerWebSecurityConfiguration
public AuthorizationServerWebSecurityConfiguration(org.springframework.security.web.savedrequest.RequestCache requestCache, AuthorizationServerProperties authorizationServerProps, StatelessUtil statelessUtil, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, AuthenticationLogoutHandler authenticationLogoutHandler, org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository, org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, FormLoginAuthenticationProvider formLoginAuthenticationProvider, OAuth2SessionAuthenticationProvider oAuth2SessionAuthenticationProvider, VerifyRedirectCookieFilter verifyRedirectCookieFilter, ClientIdFilter clientIdFilter, UserLockoutService userLockoutService, EmbeddedLoginProperties embeddedLoginProperties, Optional<EmbeddedLoginAuthenticationProvider> embeddedLoginAuthenticationProvider, Optional<EmbeddedLoginTokenAuthenticationProvider> embeddedLoginTokenAuthenticationProvider, AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService, PasscodeService<PasswordToken,User> passcodeService, UserService<User> userService)
-
-
Method Detail
-
setRedirectResolver
@Autowired public void setRedirectResolver(@Nullable org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)
-
setContentSecurityPolicyConfigurer
@Autowired public void setContentSecurityPolicyConfigurer(@Nullable ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer)
-
configure
public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web)
- Specified by:
configure
in interface org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>
- Overrides:
configure
in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
configure
protected void configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
- Overrides:
configure
in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
-
configure
protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
- Overrides:
configure
in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
- Throws:
Exception
-
applyContentSecurityPolicyConfiguration
protected void applyContentSecurityPolicyConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
- Throws:
Exception
-
authenticationEntryPoint
@Bean @ConditionalOnMissingBean public org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint()
-
authenticationSuccessHandler
@Bean @ConditionalOnMissingBean public org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler()
-
authenticationFailureHandler
@Bean @ConditionalOnMissingBean public org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler()
-
embeddedLoginAuthenticationSuccessHandler
@Bean @ConditionalOnMissingBean @ConditionalOnProperty("broadleaf.auth.login.embedded.enabled") public EmbeddedLoginAuthenticationSuccessHandler<PasswordToken,User> embeddedLoginAuthenticationSuccessHandler()
-
embeddedLoginAuthenticationFailureHandler
@Bean @ConditionalOnMissingBean @ConditionalOnProperty("broadleaf.auth.login.embedded.enabled") public EmbeddedLoginAuthenticationFailureHandler embeddedLoginAuthenticationFailureHandler()
-
userNotActiveExceptionMapping
@Bean @ConditionalOnMissingBean(name="userNotActiveExceptionMapping") public AuthenticationFailureExceptionMapping userNotActiveExceptionMapping()
-
credentialsExpiredExceptionMapping
@Bean @ConditionalOnMissingBean(name="credentialsExpiredExceptionMapping") public AuthenticationFailureExceptionMapping credentialsExpiredExceptionMapping()
-
userLockedExceptionMapping
@Bean @ConditionalOnMissingBean(name="userLockedExceptionMapping") public AuthenticationFailureExceptionMapping userLockedExceptionMapping()
-
revokeRefreshTokenLogoutHandler
@Bean @ConditionalOnMissingBean public RevokeRefreshTokenLogoutHandler revokeRefreshTokenLogoutHandler()
-
formLoginAuthenticationFilter
@Bean @ConditionalOnMissingBean public FormLoginAuthenticationFilter formLoginAuthenticationFilter() throws Exception
- Throws:
Exception
-
formLoginAuthenticationFilterRegistration
@Bean @ConditionalOnMissingBean(name="formLoginAuthenticationFilterRegistration") public org.springframework.boot.web.servlet.FilterRegistrationBean<FormLoginAuthenticationFilter> formLoginAuthenticationFilterRegistration(FormLoginAuthenticationFilter formLoginAuthenticationFilter)
Disable automatic Filter registration for FormLoginAuthenticationFilter. It is manually added to the security filter chain in configure(org.springframework.security.config.annotation.web.builders.WebSecurity). See documentation file "register-security-filters.adoc" for information about how to properly register security filters.
-
embeddedLoginAuthenticationFilter
@Bean @ConditionalOnMissingBean @ConditionalOnProperty("broadleaf.auth.login.embedded.enabled") public EmbeddedLoginAuthenticationFilter embeddedLoginAuthenticationFilter() throws Exception
- Throws:
Exception
-
embeddedLoginAuthenticationFilterRegistration
@Bean @ConditionalOnMissingBean(name="embeddedLoginAuthenticationFilterRegistration") @ConditionalOnProperty("broadleaf.auth.login.embedded.enabled") public org.springframework.boot.web.servlet.FilterRegistrationBean<EmbeddedLoginAuthenticationFilter> embeddedLoginAuthenticationFilterRegistration(EmbeddedLoginAuthenticationFilter filter)
Disable automatic Filter registration for EmbeddedLoginAuthenticationFilter. It is manually added to the security filter chain in configure(org.springframework.security.config.annotation.web.builders.WebSecurity). See documentation file "register-security-filters.adoc" for information about how to properly register security filters.
-
oAuth2SessionAuthenticationFilter
@Bean @ConditionalOnMissingBean public OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter() throws Exception
- Throws:
Exception
-
oAuth2SessionAuthenticationFilterRegistration
@Bean @ConditionalOnMissingBean(name="oAuth2SessionAuthenticationFilterRegistration") public org.springframework.boot.web.servlet.FilterRegistrationBean<OAuth2SessionAuthenticationFilter> oAuth2SessionAuthenticationFilterRegistration(OAuth2SessionAuthenticationFilter filter)
Disable automatic Filter registration for OAuth2SessionAuthenticationFilter. It is manually added to the security filter chain in configure(org.springframework.security.config.annotation.web.builders.WebSecurity). It is also manually added to the chain for the TokenEndpoint in AuthorizationServerConfiguration. See documentation file "register-security-filters.adoc" for information about how to properly register security filters.
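The pattern the three *Registration methods above describe, as an added example that is not Broadleaf code: Spring Boot registers every Filter bean with the servlet container for all requests, so a filter that must run only at a fixed position inside the Spring Security chain gets a disabled FilterRegistrationBean and is then added to the chain by hand. ExampleLoginFilter, the bean names and the use of configure(HttpSecurity) with addFilterBefore are assumptions made for the illustration.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.GenericFilterBean;

@Configuration
public class ExampleFilterRegistrationConfig extends WebSecurityConfigurerAdapter {

    /** Hypothetical stand-in for a login filter; not a Broadleaf class. */
    public static class ExampleLoginFilter extends GenericFilterBean {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            // Authentication logic would run here, exactly once per request.
            chain.doFilter(req, res);
        }
    }

    @Bean
    public ExampleLoginFilter exampleLoginFilter() {
        return new ExampleLoginFilter();
    }

    // Without this bean, Spring Boot would also map the filter to "/*" in the
    // servlet container, so it would run a second time outside the security
    // chain, where ordering and request matchers do not apply.
    @Bean
    public FilterRegistrationBean<ExampleLoginFilter> exampleLoginFilterRegistration(
            ExampleLoginFilter filter) {
        FilterRegistrationBean<ExampleLoginFilter> registration =
                new FilterRegistrationBean<>(filter);
        registration.setEnabled(false); // keep the bean, skip container registration
        return registration;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Manual placement: the filter now runs only inside the security chain.
        http.addFilterBefore(exampleLoginFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests().anyRequest().authenticated();
    }
}
```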
-
userLoginService
@Bean @ConditionalOnMissingBean public UserLoginService userLoginService(OAuth2UserDetailsService clientUserDetailService, StatelessUtil statelessUtil)
-
contentSecurityPolicyConfigurer
@Bean @ConditionalOnMissingBean public ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer(AuthorizationServerProperties authorizationServerProps)
-
embeddedLoginTokenEndpointAuthenticationFilter
@Bean @ConditionalOnMissingBean @ConditionalOnProperty("broadleaf.auth.login.embedded.enabled") public EmbeddedLoginTokenEndpointAuthenticationFilter embeddedLoginTokenEndpointAuthenticationFilter() throws Exception
- Throws:
Exception
-
embeddedLoginTokenEndpointAuthenticationFilterRegistration
@Bean @ConditionalOnMissingBean(name="embeddedLoginTokenEndpointAuthenticationFilterRegistration") @ConditionalOnProperty("broadleaf.auth.login.embedded.enabled") public org.springframework.boot.web.servlet.FilterRegistrationBean<EmbeddedLoginTokenEndpointAuthenticationFilter> embeddedLoginTokenEndpointAuthenticationFilterRegistration(EmbeddedLoginTokenEndpointAuthenticationFilter filter)
Disable automatic Filter registration for OAuth2TokenEndpointAuthenticationFilter. It is manually added to the chain for the TokenEndpoint in AuthorizationServerConfiguration. That is the only location where this filter will be enabled, since it's only necessary for the TokenEndpoint. See documentation file "register-security-filters.adoc" for information about how to properly register security filters.
-
getContentSecurityPolicyConfigurer
@Nullable protected ContentSecurityPolicyConfigurer getContentSecurityPolicyConfigurer()
-
-