Package org.springframework.security.config.web.server

Class ServerHttpSecurity.HttpBasicSpec

java.lang.Object

org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Enclosing class:

ServerHttpSecurity

public final class ServerHttpSecurity.HttpBasicSpec
extends Object

Configures HTTP Basic Authentication

Since:

5.0

See Also:

• ServerHttpSecurity.httpBasic()

Method Summary

Modifier and Type	Method	Description
ServerHttpSecurity	and()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
ServerHttpSecurity.HttpBasicSpec	authenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint authenticationEntryPoint)	Allows easily setting the entry point.
ServerHttpSecurity.HttpBasicSpec	authenticationFailureHandler(org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler authenticationFailureHandler)
ServerHttpSecurity.HttpBasicSpec	authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)	The ReactiveAuthenticationManager used to authenticate.
ServerHttpSecurity.HttpBasicSpec	authenticationSuccessHandler(Consumer<List<org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler>> handlersConsumer)	Allows customizing the list of ServerAuthenticationSuccessHandler.
ServerHttpSecurity.HttpBasicSpec	authenticationSuccessHandler(org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler authenticationSuccessHandler)	The ServerAuthenticationSuccessHandler used after authentication success.
protected void	configure(ServerHttpSecurity http)
ServerHttpSecurity	disable()	Disables HTTP Basic authentication.
ServerHttpSecurity.HttpBasicSpec	securityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository securityContextRepository)	The ServerSecurityContextRepository used to save the Authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

authenticationSuccessHandler

public ServerHttpSecurity.HttpBasicSpec authenticationSuccessHandler(org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler authenticationSuccessHandler)

The ServerAuthenticationSuccessHandler used after authentication success. Defaults to WebFilterChainServerAuthenticationSuccessHandler. Note that this method clears previously added success handlers via authenticationSuccessHandler(Consumer)

Parameters:

authenticationSuccessHandler - the success handler to use

Returns:

the ServerHttpSecurity.HttpBasicSpec to continue configuring

Since:

6.3

authenticationSuccessHandler

public ServerHttpSecurity.HttpBasicSpec authenticationSuccessHandler(Consumer<List<org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler>> handlersConsumer)

Allows customizing the list of ServerAuthenticationSuccessHandler. The default list contains a WebFilterChainServerAuthenticationSuccessHandler.

Parameters:

handlersConsumer - the handlers consumer

Returns:

the ServerHttpSecurity.HttpBasicSpec to continue configuring

Since:

6.3

authenticationManager

public ServerHttpSecurity.HttpBasicSpec authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)

The ReactiveAuthenticationManager used to authenticate. Defaults to ServerHttpSecurity.authenticationManager(ReactiveAuthenticationManager).

Parameters:

authenticationManager - the authentication manager to use

Returns:

the ServerHttpSecurity.HttpBasicSpec to continue configuring

securityContextRepository

public ServerHttpSecurity.HttpBasicSpec securityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository securityContextRepository)

The ServerSecurityContextRepository used to save the Authentication. Defaults to NoOpServerSecurityContextRepository. For the SecurityContext to be loaded on subsequent requests the ReactorContextWebFilter must be configured to be able to load the value (they are not implicitly linked).

Parameters:

securityContextRepository - the repository to use

Returns:

the ServerHttpSecurity.HttpBasicSpec to continue configuring

authenticationEntryPoint

public ServerHttpSecurity.HttpBasicSpec authenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint authenticationEntryPoint)

Allows easily setting the entry point.

Parameters:

authenticationEntryPoint - the ServerAuthenticationEntryPoint to use

Returns:

ServerHttpSecurity.HttpBasicSpec for additional customization

Since:

5.2.0

authenticationFailureHandler

public ServerHttpSecurity.HttpBasicSpec authenticationFailureHandler(org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler authenticationFailureHandler)

and

@Deprecated(since="6.1",
            forRemoval=true)
public ServerHttpSecurity and()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Allows method chaining to continue configuring the ServerHttpSecurity

Returns:

the ServerHttpSecurity to continue configuring

disable

public ServerHttpSecurity disable()

Disables HTTP Basic authentication.

Returns:

the ServerHttpSecurity to continue configuring

configure

protected void configure(ServerHttpSecurity http)