Class SpringSecurityAutoConfiguration

java.lang.Object
com.vaadin.flow.spring.SpringSecurityAutoConfiguration

@AutoConfiguration @ConditionalOnClass(org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer.class) @EnableConfigurationProperties(VaadinConfigurationProperties.class) public class SpringSecurityAutoConfiguration extends Object
Spring Boot auto-configuration class for the Flow Spring Security integration.

This configuration, together with the beans it exposes (such as RequestUtil), is only applied when Spring Security is on the classpath, as required by the ConditionalOnClass on WebSecurityCustomizer. The spring-security-config dependency is optional in the Vaadin Spring support, so an application that relies on these beans has to add it explicitly; otherwise the whole configuration is skipped and the beans are not created.

In a Spring Boot application this class is registered automatically through the auto-configuration import mechanism. A plain Spring application that does not use that mechanism (for example a Spring MVC application that registers the SpringServlet itself, similarly to VaadinMVCWebAppInitializer) does not pick it up via a regular component scan; register it explicitly instead, e.g. with @Import(SpringSecurityAutoConfiguration.class) or by adding it to the configuration classes, and make sure spring-security-config is present.

Author:
Vaadin Ltd
  • Constructor Details

    • SpringSecurityAutoConfiguration

      public SpringSecurityAutoConfiguration()
  • Method Details

    • vaadinDefaultRequestCache

      @Bean public VaadinDefaultRequestCache vaadinDefaultRequestCache()
      Makes the default request cache available for security configuration.
      Returns:
      the default request cache
    • annotatedViewAccessChecker

      @Bean public com.vaadin.flow.server.auth.AnnotatedViewAccessChecker annotatedViewAccessChecker(com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker)
      Makes the default annotation based view access checker available for security configuration.
      Parameters:
      accessAnnotationChecker - the AccessAnnotationChecker bean to use
      Returns:
      the default view access checker
    • routePathAccessChecker

      @Bean public com.vaadin.flow.server.auth.RoutePathAccessChecker routePathAccessChecker(com.vaadin.flow.server.auth.AccessPathChecker accessPathChecker)
      Makes the default route path access checker available for security configuration.
      Parameters:
      accessPathChecker - the AccessPathChecker bean to use
      Returns:
      the default route path access checker
    • accessPatchChecker

      @Bean @ConditionalOnMissingBean public com.vaadin.flow.server.auth.AccessPathChecker accessPatchChecker(VaadinConfigurationProperties vaadinProperties, @Lazy org.springframework.security.web.access.WebInvocationPrivilegeEvaluator evaluator)
      Makes the default route path access checker available for security configuration.
      Parameters:
      vaadinProperties - vaadin configuration properties
      evaluator - URI privileges evaluator
      Returns:
      the default route path access checker
    • accessAnnotationChecker

      @Bean @ConditionalOnMissingBean public com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker()
      Makes the default access annotation checker available for security configuration.

      Fusion makes this bean available by default but if Fusion is excluded from the project, we make it available here

      Returns:
      the default access annotation checker
    • requestUtil

      @Bean public RequestUtil requestUtil()
      Makes the request util available.
      Returns:
      the request util
    • vaadinRolePrefixHolder

      @Bean @ConditionalOnMissingBean public VaadinRolePrefixHolder vaadinRolePrefixHolder(Optional<org.springframework.security.config.core.GrantedAuthorityDefaults> grantedAuthorityDefaults)
      Makes role prefix holder available for security configuration.
      Parameters:
      grantedAuthorityDefaults - Optional granted authority defaults bean for the default role prefix
      Returns:
      the role prefix holder