Class SpringSecurityAutoConfiguration
This configuration, together with the beans it exposes (such as
RequestUtil), is only applied when Spring Security is on the
classpath, as required by the ConditionalOnClass on
WebSecurityCustomizer. The spring-security-config dependency
is optional in the Vaadin Spring support, so an application that relies on
these beans has to add it explicitly; otherwise the whole configuration is
skipped and the beans are not created.
In a Spring Boot application this class is registered automatically through
the auto-configuration import mechanism. A plain Spring application that does
not use that mechanism (for example a Spring MVC application that registers
the SpringServlet itself, similarly to
VaadinMVCWebAppInitializer) does not pick it up via a regular
component scan; register it explicitly instead, e.g. with
@Import(SpringSecurityAutoConfiguration.class) or by adding it to the
configuration classes, and make sure spring-security-config is
present.
- Author:
- Vaadin Ltd
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncom.vaadin.flow.server.auth.AccessAnnotationCheckerMakes the default access annotation checker available for security configuration.com.vaadin.flow.server.auth.AccessPathCheckeraccessPatchChecker(VaadinConfigurationProperties vaadinProperties, org.springframework.security.web.access.WebInvocationPrivilegeEvaluator evaluator) Makes the default route path access checker available for security configuration.com.vaadin.flow.server.auth.AnnotatedViewAccessCheckerannotatedViewAccessChecker(com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker) Makes the default annotation based view access checker available for security configuration.com.vaadin.flow.server.auth.NavigationAccessControlnavigationAccessControl(List<com.vaadin.flow.server.auth.NavigationAccessChecker> accessCheckerList, NavigationAccessControlConfigurer configurer) Makes the default navigation access control available for security configuration.navigationAccessControlInitializer(com.vaadin.flow.server.auth.NavigationAccessControl accessControl) Makes the default navigation access control initializer available for security configuration.Makes the request util available.com.vaadin.flow.server.auth.RoutePathAccessCheckerroutePathAccessChecker(com.vaadin.flow.server.auth.AccessPathChecker accessPathChecker) Makes the default route path access checker available for security configuration.Makes the default request cache available for security configuration.vaadinRolePrefixHolder(Optional<org.springframework.security.config.core.GrantedAuthorityDefaults> grantedAuthorityDefaults) Makes role prefix holder available for security configuration.
-
Constructor Details
-
SpringSecurityAutoConfiguration
public SpringSecurityAutoConfiguration()
-
-
Method Details
-
vaadinDefaultRequestCache
Makes the default request cache available for security configuration.- Returns:
- the default request cache
-
annotatedViewAccessChecker
@Bean public com.vaadin.flow.server.auth.AnnotatedViewAccessChecker annotatedViewAccessChecker(com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker) Makes the default annotation based view access checker available for security configuration.- Parameters:
accessAnnotationChecker- theAccessAnnotationCheckerbean to use- Returns:
- the default view access checker
-
routePathAccessChecker
@Bean public com.vaadin.flow.server.auth.RoutePathAccessChecker routePathAccessChecker(com.vaadin.flow.server.auth.AccessPathChecker accessPathChecker) Makes the default route path access checker available for security configuration.- Parameters:
accessPathChecker- theAccessPathCheckerbean to use- Returns:
- the default route path access checker
-
accessPatchChecker
@Bean @ConditionalOnMissingBean public com.vaadin.flow.server.auth.AccessPathChecker accessPatchChecker(VaadinConfigurationProperties vaadinProperties, @Lazy org.springframework.security.web.access.WebInvocationPrivilegeEvaluator evaluator) Makes the default route path access checker available for security configuration.- Parameters:
vaadinProperties- vaadin configuration propertiesevaluator- URI privileges evaluator- Returns:
- the default route path access checker
-
accessAnnotationChecker
@Bean @ConditionalOnMissingBean public com.vaadin.flow.server.auth.AccessAnnotationChecker accessAnnotationChecker()Makes the default access annotation checker available for security configuration.Fusion makes this bean available by default but if Fusion is excluded from the project, we make it available here
- Returns:
- the default access annotation checker
-
requestUtil
Makes the request util available.- Returns:
- the request util
-
vaadinRolePrefixHolder
@Bean @ConditionalOnMissingBean public VaadinRolePrefixHolder vaadinRolePrefixHolder(Optional<org.springframework.security.config.core.GrantedAuthorityDefaults> grantedAuthorityDefaults) Makes role prefix holder available for security configuration.- Parameters:
grantedAuthorityDefaults- Optional granted authority defaults bean for the default role prefix- Returns:
- the role prefix holder
-