Package org.springframework.security.config.annotation.web.configurers

Class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<HttpBasicConfigurer<B>,B>

org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer<B>

All Implemented Interfaces:

SecurityConfigurer<DefaultSecurityFilterChain,B>

public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
extends AbstractHttpConfigurer<HttpBasicConfigurer<B>,B>

Adds HTTP basic based authentication. All attributes have reasonable defaults making all parameters are optional.

Security Filters

The following Filters are populated

• BasicAuthenticationFilter

Shared Objects Created

• AuthenticationEntryPoint - populated with the authenticationEntryPoint(AuthenticationEntryPoint) (default BasicAuthenticationEntryPoint)

Shared Objects Used

The following shared objects are used:

• AuthenticationManager
• RememberMeServices

Since:

3.2

Constructor Summary

Constructors

Constructor	Description
HttpBasicConfigurer()	Creates a new instance

Method Summary

Modifier and Type	Method	Description
HttpBasicConfigurer<B>	authenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)	Specifies a custom AuthenticationDetailsSource to use for basic authentication.
HttpBasicConfigurer<B>	authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)	The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.
void	configure(B http)	Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
void	init(B http)	Initialize the SecurityBuilder.
HttpBasicConfigurer<B>	realmName(String realmName)	Allows easily changing the realm, but leaving the remaining defaults in place.
HttpBasicConfigurer<B>	securityContextRepository(SecurityContextRepository securityContextRepository)	Specifies a custom SecurityContextRepository to use for basic authentication.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getSecurityContextHolderStrategy, withObjectPostProcessor, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

HttpBasicConfigurer

public HttpBasicConfigurer()

Creates a new instance

See Also:

• HttpSecurity.httpBasic()

Method Details

realmName

public HttpBasicConfigurer<B> realmName(String realmName)

Allows easily changing the realm, but leaving the remaining defaults in place. If authenticationEntryPoint(AuthenticationEntryPoint) has been invoked, invoking this method will result in an error.

Parameters:

realmName - the HTTP Basic realm to use

Returns:

HttpBasicConfigurer for additional customization

authenticationEntryPoint

public HttpBasicConfigurer<B> authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint)

The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails. The default to use BasicAuthenticationEntryPoint with the realm "Realm".

Parameters:

authenticationEntryPoint - the AuthenticationEntryPoint to use

Returns:

HttpBasicConfigurer for additional customization

authenticationDetailsSource

public HttpBasicConfigurer<B> authenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)

Specifies a custom AuthenticationDetailsSource to use for basic authentication. The default is WebAuthenticationDetailsSource.

Parameters:

authenticationDetailsSource - the custom AuthenticationDetailsSource to use

Returns:

HttpBasicConfigurer for additional customization

securityContextRepository

public HttpBasicConfigurer<B> securityContextRepository(SecurityContextRepository securityContextRepository)

Specifies a custom SecurityContextRepository to use for basic authentication. The default is RequestAttributeSecurityContextRepository.

Parameters:

securityContextRepository - the custom SecurityContextRepository to use

Returns:

HttpBasicConfigurer for additional customization

Since:

6.1

init

public void init(B http)

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Specified by:

init in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

Overrides:

init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

configure

public void configure(B http)

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>

Overrides:

configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,B extends HttpSecurityBuilder<B>>