All Classes and Interfaces
Class
Description
Customize access-control for routes which where not listed in spring-addons "permit-all" properties for client and resource server filter chains
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated, for removal: This API element is subject to removal in a future version.
replaced by
SpringAddonsOauth2ServerRedirectStrategyPost processor for access control in Java configuration.
A post-processor to override anything from spring-addons client security filter-chain auto-configuration.
Portable converter to extract Spring-security authorities from OAuth2 claims.
DEFAULT switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
DISABLE disables CSRF protection.
Provides with a JwtDecoder (configured with the required validators).
Provides with a JwtDecoder (configured with the required validators).
Customize access-control for routes which where not listed in
SpringAddonsOidcClientProperties.permitAll or
SpringAddonsOidcResourceServerProperties.permitAllDeprecated, for removal: This API element is subject to removal in a future version.
Deprecated, for removal: This API element is subject to removal in a future version.
Support class to statically access current request.
An
AuthenticationManager relying on JWTClaimsSetAuthenticationManager.JWTClaimsSetAuthenticationManagerResolver, itself using SpringAddonsJwtDecoderFactory and a
Converter<Jwt, AbstractAuthenticationToken>.
An
AuthenticationManagerResolver for resource servers using JWT decoder(s).Resolves OpenID Provider configuration properties from OAuth2 / OpenID claims (decoded from a JWT, introspected from an opaque token or
retrieved from userinfo endpoint)
An alternative
OAuth2AuthorizedClientProvider to
DelegatingOAuth2AuthorizedClientProvider keeping a different provider for each client
registration.
An alternative
ReactiveOAuth2AuthorizedClientProvider to
DelegatingReactiveOAuth2AuthorizedClientProvider keeping a different provider for each
client registration.Process
ServerHttpSecurity of default security filter-chain after it was processed by spring-addons.
An
AuthenticationManager relying on JWTClaimsSetAuthenticationManager.JWTClaimsSetAuthenticationManagerResolver, itself using SpringAddonsReactiveJwtDecoderFactory and
a Converter<Jwt, Mono<? extends AbstractAuthenticationToken>>.
An
ReactiveAuthenticationManagerResolver for resource servers using JWT decoder(s).The following
@ConditionalOnMissingBeans are auto-configured
springAddonsClientFilterChain: a SecurityWebFilterChain.
Usage
If not using spring-boot, @Import or @ComponentScan this class.
If not using spring-boot, @Import or @ComponentScan this class.
Customize access-control for routes which where not listed in
SpringAddonsOidcClientProperties::permit-all or
SpringAddonsOidcResourceServerProperties::permit-allProcess
ServerHttpSecurity of default security filter-chain after it was processed by spring-addons.Process
HttpSecurity of default security filter-chain after it was processed by spring-addons.
Support class to statically access current request.
An
AuthenticationManagerResolver always resolving the same JWTClaimsSetAuthenticationManager which relies on
JWTClaimsSetAuthenticationManager.JWTClaimsSetAuthenticationManagerResolver, itself using SpringAddonsJwtDecoderFactory and a Converter@lt;Jwt,
AbstractAuthenticationToken>.
Provides with a JwtDecoder (configured with the required validators).
Provide with RP-Initiated
Logout for authorization-servers fully compliant with OIDC standard as well as those "almost"
implementing the spec.
An authentication failure handler reading post-login failure URI in session (set by the frontend with a header or request param when
initiating the authorization_code flow) and using a
SpringAddonsOauth2RedirectStrategyAn authentication success handler reading post-login success URI in session (set by the frontend
with a header or request param when initiating the authorization_code flow) and using a
SpringAddonsOauth2RedirectStrategySupport three features:
Use the
SpringAddonsOidcClientProperties#client-uri to set the base URI of authorization-code callback
(of interest for instance when using an ingress or another gateway in front of the OAuth2 client
with oauth2Login)
Defining authorization request additional parameters from properties (like audience for
Auth0)
Save in session post-login URIs provided as header
(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_HEADER and
SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_HEADER) or request param
(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_PARAM and
SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_PARAM).A redirect strategy that might not actually redirect: the HTTP status is taken from
com.c4-soft.springaddons.oidc.client.oauth2-redirect-status property.
An authentication failure handler reading post-login failure URI in session (set by the frontend with a header or request param when
initiating the authorization_code flow) and using a
SpringAddonsOauth2ServerRedirectStrategyAn authentication success handler reading post-login success URI in session (set by the frontend
with a header or request param when initiating the authorization_code flow) and using a
SpringAddonsOauth2ServerRedirectStrategyA redirect strategy that might not actually redirect: the HTTP status is taken from
com.c4-soft.springaddons.oidc.client.oauth2-redirect-status property.
Auto-configuration for an OAuth2 client (secured with session, not access token)
Security(Web)FilterChain with @Order(Ordered.LOWEST_PRECEDENCE - 1).
Logout properties for OpenID Providers which do not implement the RP-Initiated Logout spec
Request parameter
The following
@ConditionalOnMissingBeans are auto-configured
springAddonsClientFilterChain: a SecurityFilterChain.
Configuration properties for OAuth2 auto-configuration extensions to
spring-boot-starter-oauth2-client and spring-boot-starter-oauth2-resource-server.
OpenID Providers configuration.
Usage
If not using spring-boot, @Import or @ComponentScan this class.
If not using spring-boot, @Import or @ComponentScan this class.
Auto-configuration for an OAuth2 resource server Security(Web)FilterChain with
@Order(LOWEST_PRECEDENCE).
An
ReactiveAuthenticationManagerResolver always resolving the same ReactiveJWTClaimsSetAuthenticationManager which relies on
JWTClaimsSetAuthenticationManager.JWTClaimsSetAuthenticationManagerResolver, itself using SpringAddonsReactiveJwtDecoderFactory and a Converter@lt;Jwt,
AbstractAuthenticationToken>.
Provides with a JwtDecoder (configured with the required validators).
Provide with RP-Initiated
Logout for authorization-servers fully compliant with OIDC standard as well as those "almost"
implementing the spec.
Serves three purposes:
Use the
SpringAddonsOidcClientProperties#client-uri to set the base URI of authorization-code callback
(of interest for instance when using an ingress or another gateway in front of the OAuth2 client
with oauth2Login)
Add the query params taken from authorization-request-params in application properties
Save in session post-login URIs provided as header
(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_HEADER and
SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_HEADER) or request param
(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_PARAM and
SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_PARAM).
SpringAddonsOauth2RedirectStrategy