Package com.vaadin.flow.spring.security.stateless

Class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>

com.vaadin.flow.spring.security.stateless.VaadinStatelessSecurityConfigurer<H>

Type Parameters:

H - the concrete HttpSecurityBuilder subclass

All Implemented Interfaces:

org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H>

public final class VaadinStatelessSecurityConfigurer<H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>
extends org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<VaadinStatelessSecurityConfigurer<H>,H>

Enables authentication that relies on JWT instead of sessions.

Shared Objects Created

The following shared objects are populated:

• SecurityContextRepository is populated with a JwtSecurityContextRepository
• CsrfConfigurer.csrfTokenRepository(CsrfTokenRepository) is used to set LazyCsrfTokenRepository that delegates to CookieCsrfTokenRepository

Shared Objects Used

The following shared objects are used:

• VaadinDefaultRequestCache - if present, this uses VaadinDefaultRequestCache.setDelegateRequestCache(RequestCache) to delegate saving requests to CookieRequestCache

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	VaadinStatelessSecurityConfigurer.SecretKeyConfigurer	Enables configuring the secret key and the algorithm for the JWT signing and verification when using VaadinStatelessSecurityConfigurer.

Constructor Summary

Constructors

Constructor	Description
VaadinStatelessSecurityConfigurer()

Method Summary

Modifier and Type	Method	Description
void	configure(H http)
VaadinStatelessSecurityConfigurer<H>	expiresIn(long expiresIn)	Sets the lifetime of the JWT.
void	init(H http)
VaadinStatelessSecurityConfigurer<H>	issuer(String issuer)	Sets the issuer claim to use when issuing and verifying the JWT.
VaadinStatelessSecurityConfigurer.SecretKeyConfigurer	withSecretKey()	Specifies using a secret key for signing and verification.
VaadinStatelessSecurityConfigurer<H>	withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer.SecretKeyConfigurer> customizer)	Specifies using a secret key for signing and verification.

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

VaadinStatelessSecurityConfigurer

public VaadinStatelessSecurityConfigurer()

Method Detail

init

public void init(H http)

Specified by:

init in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

Overrides:

init in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

configure

public void configure(H http)

Specified by:

configure in interface org.springframework.security.config.annotation.SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

Overrides:

configure in class org.springframework.security.config.annotation.SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends org.springframework.security.config.annotation.web.HttpSecurityBuilder<H>>

expiresIn

public VaadinStatelessSecurityConfigurer<H> expiresIn(long expiresIn)

Sets the lifetime of the JWT. The default is 1800 seconds.

Parameters:

expiresIn - the lifetime in seconds

Returns:

the VaadinStatelessSecurityConfigurer for further customization

issuer

public VaadinStatelessSecurityConfigurer<H> issuer(String issuer)

Sets the issuer claim to use when issuing and verifying the JWT.

Parameters:

issuer - string identifier or URL of the issuer

Returns:

the VaadinStatelessSecurityConfigurer for further customization

withSecretKey

public VaadinStatelessSecurityConfigurer.SecretKeyConfigurer withSecretKey()

Specifies using a secret key for signing and verification.

Returns:

the VaadinStatelessSecurityConfigurer.SecretKeyConfigurer

withSecretKey

public VaadinStatelessSecurityConfigurer<H> withSecretKey(org.springframework.security.config.Customizer<VaadinStatelessSecurityConfigurer.SecretKeyConfigurer> customizer)

Specifies using a secret key for signing and verification.

Parameters:

customizer - the Customizer to provide configuration for the VaadinStatelessSecurityConfigurer.SecretKeyConfigurer

Returns:

the VaadinStatelessSecurityConfigurer for further customization