Class IdentityManagementConfiguration
java.lang.Object
com.vaadin.flow.spring.security.VaadinWebSecurity
com.vaadin.controlcenter.starter.idm.IdentityManagementConfiguration
@AutoConfiguration
@EnableWebSecurity
@ConditionalOnCloudPlatform(KUBERNETES)
@ConditionalOnMissingBean(IdentityManagementConfiguration.class)
@EnableConfigurationProperties(IdentityManagementProperties.class)
public class IdentityManagementConfiguration
extends com.vaadin.flow.spring.security.VaadinWebSecurity
This configuration bean autoconfigures security to allow single sign-on
against the identity provider used in Control Center.
-
Constructor Summary
Constructors
IdentityManagementConfiguration()
-
Method Summary
Modifier and Type / Method / Description
protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
com.vaadin.flow.spring.security.AuthenticationContext getAuthenticationContext()
protected void ignoreInternalRequests(org.springframework.security.config.annotation.web.configurers.CsrfConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity> csrf)
static Collection<? extends org.springframework.security.core.GrantedAuthority> mapAuthorities(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest userRequest, org.springframework.security.oauth2.core.oidc.OidcUserInfo userInfo)
    Maps authorities from OidcUserRequest and OidcUserInfo to a collection of GrantedAuthority that includes Keycloak's realm and client roles.
protected void requestWhitelist(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry urlRegistry)
org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer webSecurityCustomizer()
protected void withIdentityManagementDisabled(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
protected void withIdentityManagementEnabled(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
Methods inherited from class com.vaadin.flow.spring.security.VaadinWebSecurity
addLogoutHandlers, antMatchers, applyUrlMapping, configure, enableNavigationAccessControl, getDefaultHttpSecurityPermitMatcher, getDefaultHttpSecurityPermitMatcher, getDefaultWebSecurityIgnoreMatcher, getDefaultWebSecurityIgnoreMatcher, getNavigationAccessControl, getViewAccessChecker, oidcLogoutSuccessHandler, pathMatchers, routeMatchers, routePathMatchers, setLoginView, setLoginView, setLoginView, setLoginView, setOAuth2LoginPage, setOAuth2LoginPage, setStatelessAuthentication, setStatelessAuthentication
-
Constructor Details
-
IdentityManagementConfiguration
public IdentityManagementConfiguration()
-
-
Method Details
-
filterChain
@Bean(name="VaadinSecurityFilterChainBean")
@ConditionalOnMissingBean(name="VaadinSecurityFilterChainBean")
@RefreshScope
public org.springframework.security.web.SecurityFilterChain filterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Overrides:
filterChain in class com.vaadin.flow.spring.security.VaadinWebSecurity
Throws:
Exception
-
webSecurityCustomizer
@Bean(name="VaadinWebSecurityCustomizerBean")
@ConditionalOnMissingBean(name="VaadinWebSecurityCustomizerBean")
@RefreshScope
public org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer webSecurityCustomizer()
Overrides:
webSecurityCustomizer in class com.vaadin.flow.spring.security.VaadinWebSecurity
-
getAuthenticationContext
@Bean(name="VaadinAuthenticationContext")
@ConditionalOnMissingBean(name="VaadinAuthenticationContext")
@RefreshScope
public com.vaadin.flow.spring.security.AuthenticationContext getAuthenticationContext()
Overrides:
getAuthenticationContext in class com.vaadin.flow.spring.security.VaadinWebSecurity
-
configure
protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Overrides:
configure in class com.vaadin.flow.spring.security.VaadinWebSecurity
Throws:
Exception
-
withIdentityManagementEnabled
protected void withIdentityManagementEnabled(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Throws:
Exception
-
withIdentityManagementDisabled
protected void withIdentityManagementDisabled(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception
Throws:
Exception
-
requestWhitelist
protected void requestWhitelist(org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry urlRegistry)
-
ignoreInternalRequests
protected void ignoreInternalRequests(org.springframework.security.config.annotation.web.configurers.CsrfConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity> csrf)
-
mapAuthorities
public static Collection<? extends org.springframework.security.core.GrantedAuthority> mapAuthorities(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest userRequest, org.springframework.security.oauth2.core.oidc.OidcUserInfo userInfo)
Maps authorities from OidcUserRequest and OidcUserInfo to a collection of GrantedAuthority that includes Keycloak's realm and client roles.
Parameters:
userRequest - the request containing the ID token and access token
userInfo - the user info containing the user attributes
Returns:
a collection of GrantedAuthority
-