Class SecurityAutoConfiguration.AuthenticationSecurityConfiguration

java.lang.Object
com.broadleafcommerce.auth.user.autoconfigure.SecurityAutoConfiguration.AuthenticationSecurityConfiguration
Enclosing class:
SecurityAutoConfiguration

@Configuration(proxyBeanMethods=false) public static class SecurityAutoConfiguration.AuthenticationSecurityConfiguration extends Object
This configuration is specifically responsible for enabling authentication-related components.
  • Constructor Details

    • AuthenticationSecurityConfiguration

      public AuthenticationSecurityConfiguration()
  • Method Details

    • authenticationSecurityFilterChain

      @Bean("authenticationSecurityFilterChain") @ConditionalOnMissingBean(name="authenticationSecurityFilterChain") @Order(2147473647) public org.springframework.security.web.SecurityFilterChain authenticationSecurityFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Autowired(required=false) @Nullable List<EarlyAuthenticationSecurityChainCustomizer> earlyAuthenticationSecurityCustomizers, @Autowired(required=false) @Nullable List<LateAuthenticationSecurityChainCustomizer> lateAuthenticationSecurityCustomizers, @Nullable ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer, @Nullable DispatcherTypeAuthorizationConfigurer dispatcherTypeAuthorizationConfigurer, AuthorizationServerProperties authorizationServerProperties, org.springframework.security.web.savedrequest.RequestCache requestCache, AuthenticationLogoutHandler authenticationLogoutHandler, org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy sessionAuthenticationStrategy, FormLoginAuthenticationFilter formLoginAuthenticationFilter, OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter, VerifyRedirectCookieFilter verifyRedirectCookieFilter, ClientIdFilter clientIdFilter, DefaultOAuth2ParamFilter oauth2ParamFilter, org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest> authorizationRequestRepository, org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource, @Qualifier("defaultAuthenticationSuccessHandler") org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler, @Qualifier("defaultAuthenticationFailureHandler") org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler, RevokeRefreshTokenLogoutHandler revokeRefreshTokenLogoutHandler, @Nullable EmbeddedLoginProperties embeddedLoginProperties, @Nullable EmbeddedLoginAuthenticationConfigurer embeddedLoginAuthenticationConfigurer, @Qualifier("oAuth2ClientIdForwardRedirectStrategy") org.springframework.security.web.RedirectStrategy oAuth2ClientIdForwardRedirectStrategy) throws Exception
      This security filter chain is intentionally separate and dedicated to registering all authentication related components.

      Since the security filter chain in SecurityAutoConfiguration.SpringAuthorizationServerSecurityConfiguration and resource security filter chain in OAuth2ResourceWebSecurityConfiguration apply to specific paths, we allow them to have higher order precedence than this bean. In addition to supporting authentication related paths, this filter will serve as a catch-all for other paths and be applied at a lower precedence to basically require authentication on all paths.

      Parameters:
      http - the security filter chain builder
      Returns:
      a security filter chain engaging authentication related components
      Throws:
      Exception - if something fails
      See Also:
    • applyContentSecurityPolicyConfiguration

      protected void applyContentSecurityPolicyConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Nullable ContentSecurityPolicyConfigurer contentSecurityPolicyConfigurer) throws Exception
      Throws:
      Exception
    • applyFrameOptionsConfiguration

      protected void applyFrameOptionsConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthorizationServerProperties authorizationServerProps) throws Exception
      Throws:
      Exception
    • applyLogoutRedirectParameter

      protected void applyLogoutRedirectParameter(org.springframework.security.config.annotation.web.builders.HttpSecurity http, AuthorizationServerProperties authorizationServerProps, org.springframework.security.web.RedirectStrategy oAuth2ClientIdForwardRedirectStrategy) throws Exception
      Throws:
      Exception
    • applyDispatcherTypeAuthorization

      protected void applyDispatcherTypeAuthorization(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorize, @Nullable DispatcherTypeAuthorizationConfigurer dispatcherTypeAuthorizationConfigurer)
    • applyEmbeddedLoginConfiguration

      protected void applyEmbeddedLoginConfiguration(org.springframework.security.config.annotation.web.builders.HttpSecurity http, @Nullable EmbeddedLoginProperties embeddedLoginProperties, @Nullable EmbeddedLoginAuthenticationConfigurer embeddedLoginAuthenticationConfigurer)