Package org.springframework.security.config.annotation.web.configurers.oauth2.client

Class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<T,B>

org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer<B>

All Implemented Interfaces:

SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B>

public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
extends AbstractAuthenticationFilterConfigurer<B,OAuth2LoginConfigurer<B>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth 2.0 Login provides an application with the capability to have users log in by using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.

Defaults are provided for all configuration options with the only required configuration being clientRegistrationRepository(ClientRegistrationRepository). Alternatively, a ClientRegistrationRepository @Bean may be registered instead.

Security Filters

The following Filter's are populated:

• OAuth2AuthorizationRequestRedirectFilter
• OAuth2LoginAuthenticationFilter

Shared Objects Created

The following shared objects are populated:

• ClientRegistrationRepository (required)
• OAuth2AuthorizedClientRepository (optional)
• GrantedAuthoritiesMapper (optional)

Shared Objects Used

The following shared objects are used:

• ClientRegistrationRepository
• OAuth2AuthorizedClientRepository
• GrantedAuthoritiesMapper
• DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available
• OidcSessionRegistry

Since:

5.0

See Also:

• HttpSecurity.oauth2Login()
• OAuth2AuthorizationRequestRedirectFilter
• OAuth2LoginAuthenticationFilter
• ClientRegistrationRepository
• OAuth2AuthorizedClientRepository
• AbstractAuthenticationFilterConfigurer

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
final class	OAuth2LoginConfigurer.AuthorizationEndpointConfig	Configuration options for the Authorization Server's Authorization Endpoint.
final class	OAuth2LoginConfigurer.RedirectionEndpointConfig	Configuration options for the Client's Redirection Endpoint.
final class	OAuth2LoginConfigurer.TokenEndpointConfig	Configuration options for the Authorization Server's Token Endpoint.
final class	OAuth2LoginConfigurer.UserInfoEndpointConfig	Configuration options for the Authorization Server's UserInfo Endpoint.

Constructor Summary

Constructors

Constructor	Description
OAuth2LoginConfigurer()

Method Summary

Modifier and Type	Method	Description
OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig	authorizationEndpoint()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
OAuth2LoginConfigurer<B>	authorizationEndpoint(Customizer<OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig> authorizationEndpointCustomizer)	Configures the Authorization Server's Authorization Endpoint.
OAuth2LoginConfigurer<B>	authorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository authorizedClientRepository)	Sets the repository for authorized client(s).
OAuth2LoginConfigurer<B>	authorizedClientService(org.springframework.security.oauth2.client.OAuth2AuthorizedClientService authorizedClientService)	Sets the service for authorized client(s).
OAuth2LoginConfigurer<B>	clientRegistrationRepository(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)	Sets the repository of client registrations.
void	configure(B http)	Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
protected org.springframework.security.web.util.matcher.RequestMatcher	createLoginProcessingUrlMatcher(String loginProcessingUrl)	Create the RequestMatcher given a loginProcessingUrl
void	init(B http)	Initialize the SecurityBuilder.
OAuth2LoginConfigurer<B>	loginPage(String loginPage)	Specifies the URL to send users to if login is required.
OAuth2LoginConfigurer<B>	loginProcessingUrl(String loginProcessingUrl)	Specifies the URL to validate the credentials.
OAuth2LoginConfigurer<B>	oidcSessionRegistry(org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry oidcSessionRegistry)	Sets the registry for managing the OIDC client-provider session link
OAuth2LoginConfigurer<B>.RedirectionEndpointConfig	redirectionEndpoint()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
OAuth2LoginConfigurer<B>	redirectionEndpoint(Customizer<OAuth2LoginConfigurer<B>.RedirectionEndpointConfig> redirectionEndpointCustomizer)	Configures the Client's Redirection Endpoint.
OAuth2LoginConfigurer<B>.TokenEndpointConfig	tokenEndpoint()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
OAuth2LoginConfigurer<B>	tokenEndpoint(Customizer<OAuth2LoginConfigurer<B>.TokenEndpointConfig> tokenEndpointCustomizer)	Configures the Authorization Server's Token Endpoint.
OAuth2LoginConfigurer<B>.UserInfoEndpointConfig	userInfoEndpoint()	Deprecated, for removal: This API element is subject to removal in a future version. For removal in 7.0.
OAuth2LoginConfigurer<B>	userInfoEndpoint(Customizer<OAuth2LoginConfigurer<B>.UserInfoEndpointConfig> userInfoEndpointCustomizer)	Configures the Authorization Server's UserInfo Endpoint.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

authenticationDetailsSource, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationEntryPoint, getAuthenticationEntryPointMatcher, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, permitAll, permitAll, registerAuthenticationEntryPoint, registerDefaultAuthenticationEntryPoint, securityContextRepository, setAuthenticationFilter, successHandler, updateAccessDefaults, updateAuthenticationDefaults

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getSecurityContextHolderStrategy, withObjectPostProcessor, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2LoginConfigurer

public OAuth2LoginConfigurer()

Method Details

clientRegistrationRepository

public OAuth2LoginConfigurer<B> clientRegistrationRepository(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)

Sets the repository of client registrations.

Parameters:

clientRegistrationRepository - the repository of client registrations

Returns:

the OAuth2LoginConfigurer for further configuration

authorizedClientRepository

public OAuth2LoginConfigurer<B> authorizedClientRepository(org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository authorizedClientRepository)

Sets the repository for authorized client(s).

Parameters:

authorizedClientRepository - the authorized client repository

Returns:

the OAuth2LoginConfigurer for further configuration

Since:

5.1

authorizedClientService

public OAuth2LoginConfigurer<B> authorizedClientService(org.springframework.security.oauth2.client.OAuth2AuthorizedClientService authorizedClientService)

Sets the service for authorized client(s).

Parameters:

authorizedClientService - the authorized client service

Returns:

the OAuth2LoginConfigurer for further configuration

loginPage

public OAuth2LoginConfigurer<B> loginPage(String loginPage)

Description copied from class: AbstractAuthenticationFilterConfigurer

Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when this attribute is not specified.

If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL to generate a login page.

Overrides:

loginPage in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

loginProcessingUrl

public OAuth2LoginConfigurer<B> loginProcessingUrl(String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Specifies the URL to validate the credentials.

Overrides:

loginProcessingUrl in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Parameters:

loginProcessingUrl - the URL to validate username and password

Returns:

the FormLoginConfigurer for additional customization

oidcSessionRegistry

public OAuth2LoginConfigurer<B> oidcSessionRegistry(org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry oidcSessionRegistry)

Sets the registry for managing the OIDC client-provider session link

Parameters:

oidcSessionRegistry - the OidcSessionRegistry to use

Returns:

the OAuth2LoginConfigurer for further configuration

Since:

6.2

authorizationEndpoint

@Deprecated(since="6.1",
            forRemoval=true)
public OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig authorizationEndpoint()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use authorizationEndpoint(Customizer) instead

Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.

Returns:

the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig

authorizationEndpoint

public OAuth2LoginConfigurer<B> authorizationEndpoint(Customizer<OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig> authorizationEndpointCustomizer)

Configures the Authorization Server's Authorization Endpoint.

Parameters:

authorizationEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig

Returns:

the OAuth2LoginConfigurer for further customizations

tokenEndpoint

@Deprecated(since="6.1",
            forRemoval=true)
public OAuth2LoginConfigurer<B>.TokenEndpointConfig tokenEndpoint()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.TokenEndpointConfig for configuring the Authorization Server's Token Endpoint.

Returns:

the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.TokenEndpointConfig

tokenEndpoint

public OAuth2LoginConfigurer<B> tokenEndpoint(Customizer<OAuth2LoginConfigurer<B>.TokenEndpointConfig> tokenEndpointCustomizer)

Configures the Authorization Server's Token Endpoint.

Parameters:

tokenEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.TokenEndpointConfig

Returns:

the OAuth2LoginConfigurer for further customizations

Throws:

Exception

redirectionEndpoint

@Deprecated(since="6.1",
            forRemoval=true)
public OAuth2LoginConfigurer<B>.RedirectionEndpointConfig redirectionEndpoint()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use redirectionEndpoint(Customizer) instead

Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.RedirectionEndpointConfig for configuring the Client's Redirection Endpoint.

Returns:

the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.RedirectionEndpointConfig

redirectionEndpoint

public OAuth2LoginConfigurer<B> redirectionEndpoint(Customizer<OAuth2LoginConfigurer<B>.RedirectionEndpointConfig> redirectionEndpointCustomizer)

Configures the Client's Redirection Endpoint.

Parameters:

redirectionEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.RedirectionEndpointConfig

Returns:

the OAuth2LoginConfigurer for further customizations

userInfoEndpoint

@Deprecated(since="6.1",
            forRemoval=true)
public OAuth2LoginConfigurer<B>.UserInfoEndpointConfig userInfoEndpoint()

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use userInfoEndpoint(Customizer) or userInfoEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Returns the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.UserInfoEndpointConfig for configuring the Authorization Server's UserInfo Endpoint.

Returns:

the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.UserInfoEndpointConfig

userInfoEndpoint

public OAuth2LoginConfigurer<B> userInfoEndpoint(Customizer<OAuth2LoginConfigurer<B>.UserInfoEndpointConfig> userInfoEndpointCustomizer)

Configures the Authorization Server's UserInfo Endpoint.

Parameters:

userInfoEndpointCustomizer - the Customizer to provide more options for the OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.UserInfoEndpointConfig

Returns:

the OAuth2LoginConfigurer for further customizations

init

public void init(B http)
          throws Exception

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Specified by:

init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

Overrides:

init in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Throws:

Exception

configure

public void configure(B http)
               throws Exception

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

Overrides:

configure in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Throws:

Exception

createLoginProcessingUrlMatcher

protected org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)

Description copied from class: AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

Specified by:

createLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>,org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>

Parameters:

loginProcessingUrl - creates the RequestMatcher based upon the loginProcessingUrl

Returns:

the RequestMatcher to use based upon the loginProcessingUrl