Package com.c4_soft.springaddons.security.oauth2.config.synchronised

Class ServletSecurityBeans

java.lang.Object

com.c4_soft.springaddons.security.oauth2.config.synchronised.ServletSecurityBeans

@AutoConfiguration
@Import(com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties.class)
@EnableWebSecurity
public class ServletSecurityBeans
extends Object

Usage
If not using spring-boot, @Import or @ComponentScan this class. All beans defined here are @ConditionalOnMissingBean => just define your own @Beans to override.

Provided @Beans

• SecurityFilterChain: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL redirect and 401 instead of redirect to login properties as defined in SpringAddonsSecurityProperties
• ExpressionInterceptUrlRegistryPostProcessor. Override if you need fined grained HTTP security (more than authenticated() to all routes but the ones defined as permitAll() in SpringAddonsSecurityProperties
• SimpleJwtGrantedAuthoritiesConverter: responsible for converting the JWT into Collection<? extends GrantedAuthority>
• SynchronizedJwt2OpenidClaimSetConverter<T extends Map<String, Object> & Serializable>: responsible for converting the JWT into a claim-set of your choice (OpenID or not)
• SynchronizedJwt2AuthenticationConverter<OAuthentication<T>>: responsible for converting the JWT into an Authentication (uses both beans above)
• JwtIssuerAuthenticationManagerResolver: required to be able to define more than one token issuer until https://github.com/spring-projects/spring-boot/issues/30108 is solved

Author:

Jerome Wacongne ch4mp@c4-soft.com

Constructor Summary

Constructors

Constructor	Description
ServletSecurityBeans()

Method Summary

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ServletSecurityBeans

public ServletSecurityBeans()