com.auth0.spring.security.api

Class Auth0SecurityConfig

java.lang.Object

org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

com.auth0.spring.security.api.Auth0SecurityConfig

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>

@Configuration
@EnableWebSecurity(debug=true)
@EnableGlobalMethodSecurity(prePostEnabled=true)
@Order(value=2147483640)
@ConditionalOnProperty(prefix="auth0",
                       name="defaultAuth0ApiSecurityEnabled")
public class Auth0SecurityConfig
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Auth0 Security Config that wires together dependencies required Applications are expected to extend this Config

Field Summary

Fields

Modifier and Type	Field and Description
protected String	authorityStrategy
protected boolean	base64EncodedSecret
protected String	clientId
protected String	clientSecret
protected String	domain
protected String	issuer
protected String	securedRoute

Constructor Summary

Constructors

Constructor and Description
Auth0SecurityConfig()

Method Summary

Methods

Modifier and Type	Method and Description
Auth0AuthenticationEntryPoint	auth0AuthenticationEntryPoint()
Auth0AuthenticationFilter	auth0AuthenticationFilter(Auth0AuthenticationEntryPoint entryPoint)
Auth0AuthenticationProvider	auth0AuthenticationProvider()
org.springframework.security.authentication.AuthenticationManager	authenticationManagerBean()
protected void	authorizeRequests(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Lightweight default configuration that offers basic authorization checks for authenticated users on secured endpoint, and sets up a Principal user object with granted authorities
protected void	configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
protected void	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
Auth0CORSFilter	simpleCORSFilter()

Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

authenticationManager, configure, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

domain

@Value(value="${auth0.domain}")
protected String domain

issuer

@Value(value="${auth0.issuer}")
protected String issuer

clientId

@Value(value="${auth0.clientId}")
protected String clientId

clientSecret

@Value(value="${auth0.clientSecret}")
protected String clientSecret

securedRoute

@Value(value="${auth0.securedRoute}")
protected String securedRoute

authorityStrategy

@Value(value="${auth0.authorityStrategy}")
protected String authorityStrategy

base64EncodedSecret

@Value(value="${auth0.base64EncodedSecret}")
protected boolean base64EncodedSecret

Constructor Detail

Auth0SecurityConfig

public Auth0SecurityConfig()

Method Detail

authenticationManagerBean

@Autowired
@Bean(name="auth0AuthenticationManager")
public org.springframework.security.authentication.AuthenticationManager authenticationManagerBean()
                                                                                            throws Exception

Overrides:

authenticationManagerBean in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Throws:

Exception

simpleCORSFilter

@Bean
public Auth0CORSFilter simpleCORSFilter()

auth0AuthenticationProvider

@Bean(name="auth0AuthenticationProvider")
public Auth0AuthenticationProvider auth0AuthenticationProvider()

auth0AuthenticationEntryPoint

@Bean(name="auth0EntryPoint")
public Auth0AuthenticationEntryPoint auth0AuthenticationEntryPoint()

auth0AuthenticationFilter

@Bean(name="auth0Filter")
public Auth0AuthenticationFilter auth0AuthenticationFilter(Auth0AuthenticationEntryPoint entryPoint)

configure

protected void configure(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
                  throws Exception

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Throws:

Exception

configure

protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws Exception

Overrides:

configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Throws:

Exception

authorizeRequests

protected void authorizeRequests(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                          throws Exception

Lightweight default configuration that offers basic authorization checks for authenticated users on secured endpoint, and sets up a Principal user object with granted authorities

For simple apps, this is sufficient, however for applications wishing to specify fine-grained endpoint access restrictions, use Role / Group level endpoint authorization etc, then this configuration should be disabled and a copy, augmented with your own requirements provided. See Sample app for example Override this function in subclass to apply custom authentication / authorization strategies to your application endpoints

Throws:

Exception