Class X509Configurer<H extends HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<X509Configurer<H>,H>
org.springframework.security.config.annotation.web.configurers.X509Configurer<H>
- All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class X509Configurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<X509Configurer<H>,H>
Adds X509 based pre authentication to an application. Since validating the certificate
happens when the client connects, the requesting and validation of the client
certificate should be performed by the container. Spring Security will then use the
certificate to look up the
Authentication for the user.
Security Filters
The following Filters are populated
Shared Objects Created
The following shared objects are created
- AuthenticationEntryPoint is populated with an Http403ForbiddenEntryPoint
- A PreAuthenticatedAuthenticationProvider is populated into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)
Shared Objects Used
The following shared objects are used:
- A UserDetailsService shared object is used if no AuthenticationUserDetailsService is specified
- Since:
- 3.2
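A typical way to wire this configurer, shown as an added example rather than code from the Spring Security documentation. It assumes Spring Security 6 with the lambda DSL and a container that already requests and validates the client certificate; the class name, the user `alice` and the in-memory lookup are constructed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ClientCertSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService users) throws Exception {
        http
            // Every request needs an Authentication; a request without an accepted
            // certificate ends at the Http403ForbiddenEntryPoint.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .x509(x509 -> x509
                // Capture group 1 of the certificate subject becomes the user name.
                .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
                // Shortcut: wrapped in a UserDetailsByNameServiceWrapper.
                .userDetailsService(users));
        return http.build();
    }

    @Bean
    UserDetailsService users() {
        // Constructed allow-list. A certificate trusted by the container still
        // yields no Authentication unless its extracted name is known here.
        return username -> {
            if ("alice".equals(username)) {
                // The password is never checked for pre-authentication;
                // the granted roles are what authorization rules see.
                return User.withUsername(username).password("{noop}unused").roles("USER").build();
            }
            throw new UsernameNotFoundException("unknown certificate subject: " + username);
        };
    }
}
```

The trust decision stays with the container's TLS layer; this configuration only maps an already validated certificate to an application user.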
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
- authenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource): Specifies the AuthenticationDetailsSource
- authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService): Specifies the AuthenticationUserDetailsService to use.
- void configure: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- void init: Initialize the SecurityBuilder.
- subjectPrincipalRegex(String subjectPrincipalRegex): Specifies the regex to extract the principal from the certificate.
- userDetailsService(UserDetailsService userDetailsService): Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
- x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter): Allows specifying the entire X509AuthenticationFilter.
- x509PrincipalExtractor(X509PrincipalExtractor x509PrincipalExtractor): Specifies the X509PrincipalExtractor

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessor, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
X509Configurer
public X509Configurer()
Creates a new instance
- See Also:
-
-
Method Details
-
x509AuthenticationFilter
public X509Configurer<H> x509AuthenticationFilter(X509AuthenticationFilter x509AuthenticationFilter)
Allows specifying the entire X509AuthenticationFilter. If this is specified, the properties on X509Configurer will not be populated on the X509AuthenticationFilter.
- Parameters:
x509AuthenticationFilter - the X509AuthenticationFilter to use
- Returns:
- the X509Configurer for further customizations
-
x509PrincipalExtractor
Specifies the X509PrincipalExtractor
- Parameters:
x509PrincipalExtractor - the X509PrincipalExtractor to use
- Returns:
- the X509Configurer to use
-
authenticationDetailsSource
public X509Configurer<H> authenticationDetailsSource(AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> authenticationDetailsSource)
Specifies the AuthenticationDetailsSource
- Parameters:
authenticationDetailsSource - the AuthenticationDetailsSource to use
- Returns:
- the X509Configurer to use
-
userDetailsService
Shortcut for invoking authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
- Parameters:
userDetailsService - the UserDetailsService to use
- Returns:
- the X509Configurer for further customizations
-
authenticationUserDetailsService
public X509Configurer<H> authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> authenticationUserDetailsService)
Specifies the AuthenticationUserDetailsService to use. If not specified, then the UserDetailsService bean will be used by default.
- Parameters:
authenticationUserDetailsService - the AuthenticationUserDetailsService to use
- Returns:
- the X509Configurer for further customizations
-
subjectPrincipalRegex
Specifies the regex to extract the principal from the certificate. If not specified, the default expression from SubjectDnX509PrincipalExtractor is used.
- Parameters:
subjectPrincipalRegex - the regex to extract the user principal from the certificate (i.e. "CN=(.*?)(?:,|$)").
- Returns:
- the X509Configurer for further customizations
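A JDK-only check of what a candidate subjectPrincipalRegex captures before it is deployed, added here as an example and not taken from Spring Security. It assumes the expression is applied with find() and that capture group 1 is the principal; the helper name and the subject DNs are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SubjectRegexCheck { // hypothetical helper, not part of Spring Security

    // Returns the text captured by group 1, or null when the DN does not match.
    // Assumption: this mirrors how the configured expression is applied.
    static String principal(String regex, String subjectDn) {
        Matcher m = Pattern.compile(regex).matcher(subjectDn);
        if (m.groupCount() < 1) {
            throw new IllegalArgumentException("regex needs a capture group for the principal");
        }
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        String regex = "CN=(.*?)(?:,|$)"; // the expression quoted in the parameter description

        String[] constructedDns = {
            // CN is the first attribute.
            "CN=alice,OU=Engineering,O=Example Corp",
            // CN follows another attribute and contains a space.
            "EMAILADDRESS=bob@example.org, CN=Bob Jones, O=Example Corp",
            // Escaped comma inside the CN value: the lazy group ends at the first
            // comma, so the captured name is cut short.
            "CN=Smith\\, Carol,O=Example Corp",
            // No CN attribute at all: nothing to look up.
            "OU=Devices,O=Example Corp",
        };

        for (String dn : constructedDns) {
            String name = principal(regex, dn);
            System.out.printf("%-60s -> %s%n", dn,
                    name == null ? "(no match)" : "[" + name + "]");
        }
    }
}
```

Running it against the subject formats your CA actually issues shows whether the captured value is the exact key your UserDetailsService expects.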
-
init
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.
- Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-
configure
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
- Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
- Overrides:
configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
-