Package org.springframework.security.config.annotation.web.configurers.ott

Class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<OneTimeTokenLoginConfigurer<H>,H>
org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer<H>
All Implemented Interfaces:
SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>
public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<OneTimeTokenLoginConfigurer<H>,H>

  • Constructor Details

    • OneTimeTokenLoginConfigurer

      public OneTimeTokenLoginConfigurer(org.springframework.context.ApplicationContext context)

  • Method Details

    • init

      public void init(H http)
      Description copied from interface: SecurityConfigurer
      Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
      Specified by:
      init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

    • configure

      public void configure(H http)
      Description copied from interface: SecurityConfigurer
      Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
      Specified by:
      configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
      Overrides:
      configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

    • authenticationProvider

      public OneTimeTokenLoginConfigurer<H> authenticationProvider(org.springframework.security.authentication.AuthenticationProvider authenticationProvider)
      Specifies the AuthenticationProvider to use when authenticating the user.
      Parameters:
      authenticationProvider -

    • tokenGeneratingUrl

      public OneTimeTokenLoginConfigurer<H> tokenGeneratingUrl(String tokenGeneratingUrl)
      Specifies the URL that a One-Time Token generate request will be processed. Defaults to /ott/generate.
      Parameters:
      tokenGeneratingUrl -

    • tokenGenerationSuccessHandler

      public OneTimeTokenLoginConfigurer<H> tokenGenerationSuccessHandler(org.springframework.security.web.authentication.ott.OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler)
      Specifies strategy to be used to handle generated one-time tokens.
      Parameters:
      oneTimeTokenGenerationSuccessHandler -

    • loginProcessingUrl

      public OneTimeTokenLoginConfigurer<H> loginProcessingUrl(String loginProcessingUrl)
      Specifies the URL to process the login request, defaults to /login/ott. Only POST requests are processed, for that reason make sure that you pass a valid CSRF token if CSRF protection is enabled.
      Parameters:
      loginProcessingUrl -
      See Also:

    • showDefaultSubmitPage

      public OneTimeTokenLoginConfigurer<H> showDefaultSubmitPage(boolean show)
      Configures whether the default one-time token submit page should be shown. This will prevent the DefaultOneTimeTokenSubmitPageGeneratingFilter to be configured.
      Parameters:
      show -

    • defaultSubmitPageUrl

      public OneTimeTokenLoginConfigurer<H> defaultSubmitPageUrl(String submitPageUrl)
      Sets the URL that the default submit page will be generated. Defaults to /login/ott. If you don't want to generate the default submit page you should use showDefaultSubmitPage(boolean). Note that this method always invoke showDefaultSubmitPage(boolean) passing true.
      Parameters:
      submitPageUrl -

    • tokenService

      public OneTimeTokenLoginConfigurer<H> tokenService(org.springframework.security.authentication.ott.OneTimeTokenService oneTimeTokenService)
      Configures the OneTimeTokenService used to generate and consume OneTimeToken
      Parameters:
      oneTimeTokenService -

    • authenticationConverter

      public OneTimeTokenLoginConfigurer<H> authenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter authenticationConverter)
      Use this AuthenticationConverter when converting incoming requests to an Authentication. By default, the OneTimeTokenAuthenticationConverter is used.
      Parameters:
      authenticationConverter - the AuthenticationConverter to use

    • authenticationFailureHandler

      public OneTimeTokenLoginConfigurer<H> authenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler authenticationFailureHandler)
      Specifies the AuthenticationFailureHandler to use when authentication fails. The default is redirecting to "/login?error" using SimpleUrlAuthenticationFailureHandler
      Parameters:
      authenticationFailureHandler - the AuthenticationFailureHandler to use when authentication fails.

    • authenticationSuccessHandler

      public OneTimeTokenLoginConfigurer<H> authenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler authenticationSuccessHandler)
      Specifies the AuthenticationSuccessHandler to be used. The default is SavedRequestAwareAuthenticationSuccessHandler with no additional properties set.
      Parameters:
      authenticationSuccessHandler - the AuthenticationSuccessHandler.

    • getContext

      public org.springframework.context.ApplicationContext getContext()