Contact us
Create app
com.vaadin.flow.spring.security.stateless.
Package com.vaadin.flow.spring.security.stateless

Class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>
com.vaadin.flow.spring.security.stateless.VaadinStatelessSecurityConfigurer<H>

Type Parameters:

H - the concrete HttpSecurityBuilder subclass

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>> extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>

Enables authentication that relies on JWT instead of sessions.

Shared Objects Created

The following shared objects are populated:
  • SecurityContextRepository is populated with a JwtSecurityContextRepository
  • CsrfConfigurer.csrfTokenRepository(CsrfTokenRepository) is used to set LazyCsrfTokenRepository that delegates to CookieCsrfTokenRepository

Shared Objects Used

The following shared objects are used:

  • Constructor Details

    • VaadinStatelessSecurityConfigurer

      public VaadinStatelessSecurityConfigurer()

  • Method Details

    • setSharedObjects

      @Deprecated(since="24.4", forRemoval=true) public void setSharedObjects(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
      Deprecated, for removal: This API element is subject to removal in a future version.
      to be removed. There is no direct replacement for this method. Shared object setup must be done along with other required configurations by calling apply(HttpSecurity, Customizer).

      Sets JwtSecurityContextRepository as a shared object to be used by multiple SecurityConfigurer.

      Parameters:

      http - the http security builder to store the shared object.

      See Also:

    • apply

      public static void apply(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>> customizer) throws Exception

      Applies configuration required to enable stateless security for a Vaadin application.

      Use customizer to tune VaadinStatelessSecurityConfigurer, or Customizer.withDefaults() to accept the default values.

      Parameters:

      http - the http security builder

      customizer - the Customizer to provide more options for the VaadinStatelessSecurityConfigurer

      Throws:

      Exception

    • init

      public void init(H http)

      Specified by:

      init in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

      Overrides:

      init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

    • configure

      public void configure(H http)

      Specified by:

      configure in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

      Overrides:

      configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

    • expiresIn

      public VaadinStatelessSecurityConfigurer<H> expiresIn(long expiresIn)

      Sets the lifetime of the JWT. The default is 1800 seconds.

      Parameters:

      expiresIn - the lifetime in seconds

      Returns:

      the VaadinStatelessSecurityConfigurer for further customization

    • issuer

      public VaadinStatelessSecurityConfigurer<H> issuer(String issuer)

      Sets the issuer claim to use when issuing and verifying the JWT.

      Parameters:

      issuer - string identifier or URL of the issuer

      Returns:

      the VaadinStatelessSecurityConfigurer for further customization

    • withSecretKey

      public VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer withSecretKey()

      Specifies using a secret key for signing and verification.

      Returns:

      the VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer

    • withSecretKey

      public VaadinStatelessSecurityConfigurer<H> withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer<H>.SecretKeyConfigurer> customizer)

      Specifies using a secret key for signing and verification.

      Parameters:

      customizer - the Customizer to provide configuration for the VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>.SecretKeyConfigurer

      Returns:

      the VaadinStatelessSecurityConfigurer for further customization

Copyright © 2025. All rights reserved.