We use cookies to serve our customers and website visitors in the best possible way. Cookies are used for the proper functioning of the website and for improving the user experience, monitoring visitor traffic and marketing purposes. By continuing to browse the site, you agree to our use of cookies. You can read more about cookies here.
com.vaadin.flow.spring.security.stateless.
Class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>
com.vaadin.flow.spring.security.stateless.VaadinStatelessSecurityConfigurer<H>
Type Parameters:
H - the concrete HttpSecurityBuilder subclass
All Implemented Interfaces:
org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,
public final class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>
Enables authentication that relies on JWT instead of sessions.
Shared Objects Created
The following shared objects are populated:SecurityContextRepositoryis populated with aJwtSecurityContextRepositoryCsrfConfigurer.csrfTokenRepository(CsrfTokenRepository)is used to setLazyCsrfTokenRepositorythat delegates toCookieCsrfTokenRepository
Shared Objects Used
The following shared objects are used:VaadinDefaultRequestCache- if present, this usesVaadinDefaultRequestCache.setDelegateRequestCache(RequestCache)to delegate saving requests toCookieRequestCacheVaadinSavedRequestAwareAuthenticationSuccessHandler- if present, this usesVaadinSavedRequestAwareAuthenticationSuccessHandler.setCsrfTokenRepository(CsrfTokenRepository)to allow the success handler to set the new csrf cookie
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionclassEnables configuring the secret key and the algorithm for the JWT signing and verification when using
VaadinStatelessSecurityConfigurer. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidexpiresIn(long expiresIn) Sets the lifetime of the JWT.
voidSets the issuer claim to use when issuing and verifying the JWT.
voidsetSharedObjects(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Specifies using a secret key for signing and verification.
withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer) Specifies using a secret key for signing and verification.
Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
disable, getSecurityContextHolderStrategy, withObjectPostProcessorMethods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
-
Constructor Details
-
VaadinStatelessSecurityConfigurer
public VaadinStatelessSecurityConfigurer()
-
-
Method Details
-
init
Specified by:
initin interfaceorg.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> Overrides:
initin classorg.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> -
configure
Specified by:
configurein interfaceorg.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> Overrides:
configurein classorg.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> -
expiresIn
Sets the lifetime of the JWT. The default is 1800 seconds.
Parameters:
expiresIn- the lifetime in secondsReturns:
the
VaadinStatelessSecurityConfigurerfor further customization -
issuer
Sets the issuer claim to use when issuing and verifying the JWT.
Parameters:
issuer- string identifier or URL of the issuerReturns:
the
VaadinStatelessSecurityConfigurerfor further customization -
withSecretKey
Specifies using a secret key for signing and verification.
Returns:
the
VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer -
withSecretKey
public VaadinStatelessSecurityConfigurer<H> withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer) Specifies using a secret key for signing and verification.
Parameters:
customizer- theCustomizerto provide configuration for theVaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurerReturns:
the
VaadinStatelessSecurityConfigurerfor further customization