Class SecurityAutoConfiguration.AuthenticationSecurityConfiguration
java.lang.Object
com.broadleafcommerce.auth.user.autoconfigure.SecurityAutoConfiguration.AuthenticationSecurityConfiguration
- Enclosing class:
- SecurityAutoConfiguration
@Configuration(proxyBeanMethods=false)
public static class SecurityAutoConfiguration.AuthenticationSecurityConfiguration
extends Object
This configuration is specifically responsible for enabling authentication-related
components.
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected void
applyContentSecurityPolicyConfiguration
(org.springframework.security.config.annotation.web.builders.HttpSecurity http, ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer) protected void
applyDispatcherTypeAuthorization
(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorize, DispatcherTypeAuthorizationConfigurer dispatcherTypeAuthorizationConfigurer) protected void
applyEmbeddedLoginConfiguration
(org.springframework.security.config.annotation.web.builders.HttpSecurity http, EmbeddedLoginProperties embeddedLoginProperties, EmbeddedLoginAuthenticationConfigurer embeddedLoginAuthenticationConfigurer) protected void
applyFrameOptionsConfiguration
(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthorizationServerProperties authorizationServerProps) protected void
applyLogoutRedirectParameter
(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthorizationServerProperties authorizationServerProps, org.springframework.security.web.RedirectStrategy oAuth2ClientIdForwardRedirectStrategy) org.springframework.security.web.SecurityFilterChain
authenticationSecurityFilterChain
(org.springframework.security.config.annotation.web.builders.HttpSecurity http, List<EarlyAuthenticationSecurityChainCustomizer> earlyAuthenticationSecurityCustomizers, List<LateAuthenticationSecurityChainCustomizer> lateAuthenticationSecurityCustomizers, ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer, DispatcherTypeAuthorizationConfigurer dispatcherTypeAuthorizationConfigurer, AuthorizationServerProperties authorizationServerProperties, org.springframework.security.web.savedrequest.RequestCache requestCache, AuthenticationLogoutHandler authenticationLogoutHandler, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, FormLoginAuthenticationFilter formLoginAuthenticationFilter, OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter, VerifyRedirectCookieFilter verifyRedirectCookieFilter, ClientIdFilter clientIdFilter, DefaultOAuth2ParamFilter oauth2ParamFilter, org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository, org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?> authenticationDetailsSource, org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler, RevokeRefreshTokenLogoutHandler revokeRefreshTokenLogoutHandler, EmbeddedLoginProperties embeddedLoginProperties, EmbeddedLoginAuthenticationConfigurer embeddedLoginAuthenticationConfigurer, org.springframework.security.web.RedirectStrategy oAuth2ClientIdForwardRedirectStrategy) This security filter chain is intentionally separate and dedicated to registering all authentication related components.
-
Constructor Details
-
AuthenticationSecurityConfiguration
public AuthenticationSecurityConfiguration()
-
-
Method Details
-
authenticationSecurityFilterChain
@Bean("authenticationSecurityFilterChain") @ConditionalOnMissingBean(name="authenticationSecurityFilterChain") @Order(2147473647) public org.springframework.security.web.SecurityFilterChain authenticationSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Autowired(required=false) @Nullable List<EarlyAuthenticationSecurityChainCustomizer> earlyAuthenticationSecurityCustomizers, @Autowired(required=false) @Nullable List<LateAuthenticationSecurityChainCustomizer> lateAuthenticationSecurityCustomizers, @Nullable ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer, @Nullable DispatcherTypeAuthorizationConfigurer dispatcherTypeAuthorizationConfigurer, AuthorizationServerProperties authorizationServerProperties, org.springframework.security.web.savedrequest.RequestCache requestCache, AuthenticationLogoutHandler authenticationLogoutHandler, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, FormLoginAuthenticationFilter formLoginAuthenticationFilter, OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter, VerifyRedirectCookieFilter verifyRedirectCookieFilter, ClientIdFilter clientIdFilter, DefaultOAuth2ParamFilter oauth2ParamFilter, org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository, org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, ?> authenticationDetailsSource, @Qualifier("defaultAuthenticationSuccessHandler") org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler, @Qualifier("defaultAuthenticationFailureHandler") org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler, RevokeRefreshTokenLogoutHandler revokeRefreshTokenLogoutHandler, @Nullable EmbeddedLoginProperties embeddedLoginProperties, @Nullable EmbeddedLoginAuthenticationConfigurer embeddedLoginAuthenticationConfigurer, @Qualifier("oAuth2ClientIdForwardRedirectStrategy") org.springframework.security.web.RedirectStrategy oAuth2ClientIdForwardRedirectStrategy) throws ExceptionThis security filter chain is intentionally separate and dedicated to registering all authentication related components.Since the security filter chain in
SecurityAutoConfiguration.SpringAuthorizationServerSecurityConfiguration
and resource security filter chain inOAuth2ResourceWebSecurityConfiguration
apply to specific paths, we allow them to have higher order precedence than this bean. In addition to supporting authentication related paths, this filter will serve as a catch-all for other paths and be applied at a lower precedence to basically require authentication on all paths.- Parameters:
http
- the security filter chain builder- Returns:
- a security filter chain engaging authentication related components
- Throws:
Exception
- if something fails- See Also:
-
applyContentSecurityPolicyConfiguration
protected void applyContentSecurityPolicyConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Nullable ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer) throws Exception - Throws:
Exception
-
applyFrameOptionsConfiguration
protected void applyFrameOptionsConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthorizationServerProperties authorizationServerProps) throws Exception - Throws:
Exception
-
applyLogoutRedirectParameter
protected void applyLogoutRedirectParameter(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthorizationServerProperties authorizationServerProps, org.springframework.security.web.RedirectStrategy oAuth2ClientIdForwardRedirectStrategy) throws Exception - Throws:
Exception
-
applyDispatcherTypeAuthorization
protected void applyDispatcherTypeAuthorization(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorize, @Nullable DispatcherTypeAuthorizationConfigurer dispatcherTypeAuthorizationConfigurer) -
applyEmbeddedLoginConfiguration
protected void applyEmbeddedLoginConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Nullable EmbeddedLoginProperties embeddedLoginProperties, @Nullable EmbeddedLoginAuthenticationConfigurer embeddedLoginAuthenticationConfigurer)
-