Package org.apereo.cas.web.security

Class CasWebSecurityConfigurerAdapter

  • All Implemented Interfaces:
    org.springframework.beans.factory.DisposableBean, org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,​org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>
    @Order(1000)
public class CasWebSecurityConfigurerAdapter
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
implements org.springframework.beans.factory.DisposableBean
    This is CasWebSecurityConfigurerAdapter.
    Since:
    6.0.0

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ENDPOINT_URL_ADMIN_FORM_LOGIN
      Endpoint url used for admin-level form-login of endpoints.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void configure​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)  
      protected void configure​(org.springframework.security.config.annotation.web.builders.HttpSecurity http)  
      void configure​(org.springframework.security.config.annotation.web.builders.WebSecurity web)
      Disable Spring Security configuration for protocol endpoints allowing CAS' own security configuration to handle protection of endpoints where necessary.
      protected void configureEndpointAccess​(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity, org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests, org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties.EndpointAccessLevel access, org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties properties, org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.EndpointRequestMatcher endpoint)
      Configure endpoint access.
      protected void configureEndpointAccessByFormLogin​(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
      Configure endpoint access by form login.
      protected void configureEndpointAccessForStaticResources​(org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests)
      Configure endpoint access for static resources.
      protected void configureEndpointAccessToDenyUndefined​(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests)
      Configure endpoint access to deny undefined.
      protected void configureJaasAuthenticationProvider​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth, org.apereo.cas.configuration.model.core.monitor.JaasSecurityActuatorEndpointsMonitorProperties jaas)
      Configure jaas authentication provider.
      protected void configureLdapAuthenticationProvider​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth, org.apereo.cas.configuration.model.core.monitor.LdapSecurityActuatorEndpointsMonitorProperties ldap)
      Configure ldap authentication provider.
      void destroy()  

      • Methods inherited from class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

        authenticationManager, authenticationManagerBean, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • ENDPOINT_URL_ADMIN_FORM_LOGIN

        public static final java.lang.String ENDPOINT_URL_ADMIN_FORM_LOGIN
        Endpoint url used for admin-level form-login of endpoints.
        See Also:
        Constant Field Values

    • Constructor Detail

      • CasWebSecurityConfigurerAdapter

        public CasWebSecurityConfigurerAdapter()

    • Method Detail

      • destroy

        public void destroy()
        Specified by:
        destroy in interface org.springframework.beans.factory.DisposableBean

      • configure

        public void configure​(org.springframework.security.config.annotation.web.builders.WebSecurity web)
        Disable Spring Security configuration for protocol endpoints allowing CAS' own security configuration to handle protection of endpoints where necessary.
        Specified by:
        configure in interface org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,​org.springframework.security.config.annotation.web.builders.WebSecurity>
        Overrides:
        configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        Parameters:
        web - web security

      • configure

        protected void configure​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
                  throws java.lang.Exception
        Overrides:
        configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        Throws:
        java.lang.Exception

      • configure

        protected void configure​(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws java.lang.Exception
        Overrides:
        configure in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        Throws:
        java.lang.Exception

      • configureEndpointAccessToDenyUndefined

        protected void configureEndpointAccessToDenyUndefined​(org.springframework.security.config.annotation.web.builders.HttpSecurity http,
                                                      org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests)
        Configure endpoint access to deny undefined.
        Parameters:
        http - the http
        requests - the requests

      • configureLdapAuthenticationProvider

        protected void configureLdapAuthenticationProvider​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth,
                                                   org.apereo.cas.configuration.model.core.monitor.LdapSecurityActuatorEndpointsMonitorProperties ldap)
        Configure ldap authentication provider.
        Parameters:
        auth - the auth
        ldap - the ldap

      • configureJaasAuthenticationProvider

        protected void configureJaasAuthenticationProvider​(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth,
                                                   org.apereo.cas.configuration.model.core.monitor.JaasSecurityActuatorEndpointsMonitorProperties jaas)
                                            throws java.lang.Exception
        Configure jaas authentication provider.
        Parameters:
        auth - the auth
        jaas - the jaas
        Throws:
        java.lang.Exception - the exception

      • configureEndpointAccessForStaticResources

        protected void configureEndpointAccessForStaticResources​(org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests)
        Configure endpoint access for static resources.
        Parameters:
        requests - the requests

      • configureEndpointAccessByFormLogin

        protected void configureEndpointAccessByFormLogin​(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                                           throws java.lang.Exception
        Configure endpoint access by form login.
        Parameters:
        http - the http
        Throws:
        java.lang.Exception - the exception

      • configureEndpointAccess

        protected void configureEndpointAccess​(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity,
                                       org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests,
                                       org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties.EndpointAccessLevel access,
                                       org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties properties,
                                       org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.EndpointRequestMatcher endpoint)
                                throws java.lang.Exception
        Configure endpoint access.
        Parameters:
        httpSecurity - the httpSecurity
        requests - the requests
        access - the access
        properties - the properties
        endpoint - the endpoint
        Throws:
        java.lang.Exception - the exception