Package org.springframework.security.config.web.server

Class ServerHttpSecurity.FormLoginSpec

java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Enclosing class:
ServerHttpSecurity
public final class ServerHttpSecurity.FormLoginSpec extends Object
Configures Form Based authentication
Since:
5.0
See Also:

  • Method Details

    • authenticationManager

      public ServerHttpSecurity.FormLoginSpec authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)
      The ReactiveAuthenticationManager used to authenticate. Defaults to ServerHttpSecurity.authenticationManager(ReactiveAuthenticationManager).
      Parameters:
      authenticationManager - the authentication manager to use
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring

    • authenticationSuccessHandler

      public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler authenticationSuccessHandler)
      The ServerAuthenticationSuccessHandler used after authentication success. Defaults to RedirectServerAuthenticationSuccessHandler. Note that this method clears previously added success handlers via authenticationSuccessHandler(Consumer)
      Parameters:
      authenticationSuccessHandler - the success handler to use
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring

    • authenticationSuccessHandler

      public ServerHttpSecurity.FormLoginSpec authenticationSuccessHandler(Consumer<List<org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler>> handlersConsumer)
      Allows customizing the list of ServerAuthenticationSuccessHandler. The default list contains a RedirectServerAuthenticationSuccessHandler that redirects to "/".
      Parameters:
      handlersConsumer - the handlers consumer
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring
      Since:
      6.3

    • loginPage

      public ServerHttpSecurity.FormLoginSpec loginPage(String loginPage)
      Configures the log in page to redirect to, the authentication failure page, and when authentication is performed. The default is that Spring Security will generate a log in page at "/login" and a log out page at "/logout". If this is customized:
      • The default log in & log out page are no longer provided
      • The application must render a log in page at the provided URL
      • The application must render an authentication error page at the provided URL + "?error"
      • Authentication will occur for POST to the provided URL
      Parameters:
      loginPage - the url to redirect to which provides a form to log in (i.e. "/login")
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring
      See Also:

    • authenticationEntryPoint

      public ServerHttpSecurity.FormLoginSpec authenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint authenticationEntryPoint)
      How to request for authentication. The default is that Spring Security will generate a log in page at "/login".
      Parameters:
      authenticationEntryPoint - the entry point to use
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring
      See Also:

    • requiresAuthenticationMatcher

      public ServerHttpSecurity.FormLoginSpec requiresAuthenticationMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher requiresAuthenticationMatcher)
      Configures when authentication is performed. The default is a POST to "/login".
      Parameters:
      requiresAuthenticationMatcher - the matcher to use
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring
      See Also:

    • authenticationFailureHandler

      public ServerHttpSecurity.FormLoginSpec authenticationFailureHandler(org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler authenticationFailureHandler)
      Configures how a failed authentication is handled. The default is to redirect to "/login?error".
      Parameters:
      authenticationFailureHandler - the handler to use
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring
      See Also:

    • securityContextRepository

      public ServerHttpSecurity.FormLoginSpec securityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository securityContextRepository)
      The ServerSecurityContextRepository used to save the Authentication. Defaults to WebSessionServerSecurityContextRepository. For the SecurityContext to be loaded on subsequent requests the ReactorContextWebFilter must be configured to be able to load the value (they are not implicitly linked).
      Parameters:
      securityContextRepository - the repository to use
      Returns:
      the ServerHttpSecurity.FormLoginSpec to continue configuring

    • disable

      public ServerHttpSecurity disable()
      Disables HTTP Basic authentication.
      Returns:
      the ServerHttpSecurity to continue configuring

    • configure

      protected void configure(ServerHttpSecurity http)