Class AbstractLogoutWebSecurity
java.lang.Object
com.emc.documentum.rest.context.jc.AbstractWebSecurity
com.emc.documentum.rest.context.jc.AbstractLogoutWebSecurity
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean
Provides a convenient base class for creating a customize Documentum REST Services logout authentication scheme.
The implementation allows customization by overriding methods.
The implementation can be made conditional when it is annotated by
AuthSchemeProfile.- See Also:
-
Field Summary
Fields inherited from class com.emc.documentum.rest.context.jc.AbstractWebSecurity
defaultRT, httpFirewall -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidSet properties after the bean initialization.protected org.springframework.security.authentication.AuthenticationProvider[]Return client token authentication provider by default.voidconfigure(org.springframework.security.config.annotation.web.builders.WebSecurity web) No customization is required for the web security.protected voidconfigureSecurityFilters(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Configures the HTTP security for the custom logout.protected org.springframework.security.web.AuthenticationEntryPointNo entry point is required by default.protected org.springframework.security.config.annotation.web.builders.HttpSecurityinterceptUrl(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Configures the URL pattern for the HTTP security fromsetLogoutUrl(String).protected List<org.springframework.security.web.authentication.logout.LogoutHandler>Configures the handlers to implement things while logging out.protected voidsetLogoutSuccessUrl(String logoutSuccessUrl) Configures the logout success redirect URL.protected voidsetLogoutUrl(String logoutUrl) Configures the logout URL.Methods inherited from class com.emc.documentum.rest.context.jc.AbstractWebSecurity
base, cacheControl, configure, configure, contentTypeOptions, disableLogout, errorHandling, headers, hsts, secureChannel, securityFilterChain, sessions, setLogout, setRequireHttps, setRootAuthUrl, webSecurityCustomizer, xFrameOptions, xssProtection
-
Constructor Details
-
AbstractLogoutWebSecurity
public AbstractLogoutWebSecurity()Default constructor.AbstractWebSecurity.setLogout(boolean)is set totrue.
-
-
Method Details
-
setLogoutUrl
Configures the logout URL. Defaults toDefaultSecurityRuntime.logoutUrl.- Parameters:
logoutUrl- the logout URL
-
setLogoutSuccessUrl
Configures the logout success redirect URL. Defaults toDefaultSecurityRuntime.logoutSuccessUrl.- Parameters:
logoutSuccessUrl- the logout success URL
-
afterPropertiesSet
Description copied from class:AbstractWebSecuritySet properties after the bean initialization. The overriding method in subclasses must call "super.afterPropertiesSet()" before its own properties setting.- Specified by:
afterPropertiesSetin interfaceorg.springframework.beans.factory.InitializingBean- Overrides:
afterPropertiesSetin classAbstractWebSecurity- Throws:
Exception- for properties setting errors
-
authenticationProviders
protected org.springframework.security.authentication.AuthenticationProvider[] authenticationProviders()Return client token authentication provider by default.- Specified by:
authenticationProvidersin classAbstractWebSecurity- Returns:
- client token authentication provider
-
entryPoint
protected org.springframework.security.web.AuthenticationEntryPoint entryPoint()No entry point is required by default.- Specified by:
entryPointin classAbstractWebSecurity- Returns:
- null
-
configure
public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web) No customization is required for the web security.- Overrides:
configurein classAbstractWebSecurity- Parameters:
web- the web security
-
configureSecurityFilters
protected void configureSecurityFilters(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception Configures the HTTP security for the custom logout. Fundamental security configurations are applied to the input HTTP security. The implementation can completely override this method with Spring security guide, but to be noted that all fundamental security configurations provided by Documentum REST Services are lost in the overriding method. So it is not suggested to override this method in a custom authentication unless you are fully aware of the security internals.- Specified by:
configureSecurityFiltersin classAbstractWebSecurity- Parameters:
http- the customized HTTP security- Throws:
Exception- when there are configuration errors
-
interceptUrl
protected org.springframework.security.config.annotation.web.builders.HttpSecurity interceptUrl(org.springframework.security.config.annotation.web.builders.HttpSecurity http) throws Exception Configures the URL pattern for the HTTP security fromsetLogoutUrl(String).- Overrides:
interceptUrlin classAbstractWebSecurity- Parameters:
http- HTTP security configuration- Returns:
- the customized HTTP security
- Throws:
Exception- when there are configuration errors
-
logoutHandlers
protected List<org.springframework.security.web.authentication.logout.LogoutHandler> logoutHandlers()Configures the handlers to implement things while logging out. By overriding this method, subclass can customize its own handlers for logout.- Returns:
- the list of LogoutHandler
-