Document how to customize OneTimeTokenService

Closes gh-15743
2024-09-06 09:39:20 -03:00 · 2024-09-06 09:39:20 -03:00 · 6417eb7159
parent 6428bf2bd8
commit 6417eb7159
1 changed files with 153 additions and 12 deletions
--- a/docs/modules/ROOT/pages/servlet/authentication/onetimetoken.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/onetimetoken.adoc
@ -31,18 +31,20 @@ The One-Time Token Login works in two major steps.
 1. User requests a token by submitting their user identifier, usually the username, and the token is delivered to them, often as a Magic Link, via e-mail, SMS, etc.
 2. User submits the token to the one-time token login endpoint and, if valid, the user gets logged in.
 In the following sections we will explore how to configure OTT Login for your needs.
 - <<default-pages,Understanding the integration with the default generated login page>>
 - <<sending-token-to-user,Sending the token to the user>>
 - <<changing-submit-page-url,Configuring the One-Time Token submit page>>
 - <<changing-generate-url,Changing the One-Time Token generate URL>>
 - <<customize-generate-consume-token,Customize how to generate and consume tokens>>
 [[default-pages]]
 == Default Login Page and Default One-Time Token Submit Page
 The `oneTimeTokenLogin()` DSL can be used in conjunction with `formLogin()`, which will produce an additional One-Time Token Request Form in the xref:servlet/authentication/passwords/form.adoc[default generated login page].
 It will also set up the javadoc:org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter[] to generate a default One-Time Token submit page.
 In the following sections we will explore how to configure OTT Login for your needs.
 - <<sending-token-to-user,Sending the token to the user>>
 - <<changing-submit-page-url,Configuring the One-Time Token submit page>>
 - <<changing-generate-url,Changing the One-Time Token generate URL>>
 [[sending-token-to-user]]
 == Sending the Token to the User
@ -63,7 +65,7 @@ Java::
 public class SecurityConfig {
    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http, MagicLinkGeneratedOneTimeTokenSuccessHandler magicLinkSender) {
+    public SecurityFilterChain filterChain(HttpSecurity http, MagicLinkGeneratedOneTimeTokenHandler magicLinkSender) {
        http
            // ...
            .formLogin(Customizer.withDefaults())
@ -77,7 +79,7 @@ import org.springframework.mail.SimpleMailMessage;
 import org.springframework.mail.javamail.JavaMailSender;
@Component <1>
-public class MagicLinkGeneratedOneTimeTokenSuccessHandler implements GeneratedOneTimeTokenHandler {
+public class MagicLinkGeneratedOneTimeTokenHandler implements GeneratedOneTimeTokenSuccessHandler {
    private final MailSender mailSender;
@ -177,7 +179,7 @@ class PageController {
 ----
 ======
-<1> Make the `MagicLinkGeneratedOneTimeTokenSuccessHandler` a Spring bean
+<1> Make the `MagicLinkGeneratedOneTimeTokenHandler` a Spring bean
 <2> Create a login processing URL with the `token` as a query param
 <3> Retrieve the user's email based on the username
 <4> Use the `JavaMailSender` API to send the email to the user with the magic link
@ -220,7 +222,7 @@ public class SecurityConfig {
 }
@Component
-public class MagicLinkGeneratedOneTimeTokenSuccessHandler implements GeneratedOneTimeTokenHandler {
+public class MagicLinkGeneratedOneTimeTokenHandler implements GeneratedOneTimeTokenSuccessHandler {
    // ...
 }
 ----
@ -284,7 +286,7 @@ public class SecurityConfig {
 }
@Component
-public class MagicLinkGeneratedOneTimeTokenSuccessHandler implements GeneratedOneTimeTokenSuccessHandler {
+public class MagicLinkGeneratedOneTimeTokenHandler implements GeneratedOneTimeTokenSuccessHandler {
    // ...
 }
 ----
@ -360,7 +362,7 @@ public class MyController {
 }
@Component
-public class MagicLinkGeneratedOneTimeTokenSuccessHandler implements GeneratedOneTimeTokenSuccessHandler {
+public class MagicLinkGeneratedOneTimeTokenHandler implements GeneratedOneTimeTokenSuccessHandler {
    // ...
 }
 ----
@ -405,4 +407,143 @@ class MagicLinkGeneratedOneTimeTokenSuccessHandler : GeneratedOneTimeTokenHandle
 ----
 ======
 [[customize-generate-consume-token]]
 == Customize How to Generate and Consume One-Time Tokens
 The interface that define the common operations for generating and consuming one-time tokens is the javadoc:org.springframework.security.authentication.ott.OneTimeTokenService[].
 Spring Security uses the javadoc:org.springframework.security.authentication.ott.InMemoryOneTimeTokenService[] as the default implementation of that interface, if none is provided.
 Some of the most common reasons to customize the `OneTimeTokenService` are, but not limited to:
 - Changing the one-time token expire time
 - Storing more information from the generate token request
 - Changing how the token value is created
 - Additional validation when consuming a one-time token
 There are two options to customize the `OneTimeTokenService`.
 One option is to provide it as a bean, so it can be automatically be picked-up by the `oneTimeTokenLogin()` DSL:
 .Passing the OneTimeTokenService as a Bean
 [tabs]
 ======
 Java::
 +
 [source,java,role="primary"]
 ----
@Configuration
@EnableWebSecurity
 public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http
            // ...
            .formLogin(Customizer.withDefaults())
            .oneTimeTokenLogin(Customizer.withDefaults());
        return http.build();
    }
    @Bean
    public OneTimeTokenService oneTimeTokenService() {
        return new MyCustomOneTimeTokenService();
    }
 }
@Component
 public class MagicLinkGeneratedOneTimeTokenHandler implements GeneratedOneTimeTokenSuccessHandler {
    // ...
 }
 ----
 Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
@Configuration
@EnableWebSecurity
 class SecurityConfig {
    @Bean
    open fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http {
            //...
            formLogin { }
            oneTimeTokenLogin { }
        }
        return http.build()
    }
    @Bean
    open fun oneTimeTokenService(): OneTimeTokenService {
        return MyCustomOneTimeTokenService()
    }
 }
@Component
 class MagicLinkGeneratedOneTimeTokenSuccessHandler : GeneratedOneTimeTokenHandler {
     // ...
 }
 ----
 ======
 The second option is to pass the `OneTimeTokenService` instance to the DSL, which is useful if there are multiple `SecurityFilterChain` and a different `OneTimeTokenService` is needed for each of them.
 .Passing the OneTimeTokenService using the DSL
 [tabs]
 ======
 Java::
 +
 [source,java,role="primary"]
 ----
@Configuration
@EnableWebSecurity
 public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http
            // ...
            .formLogin(Customizer.withDefaults())
            .oneTimeTokenLogin((ott) -> ott
                .oneTimeTokenService(new MyCustomOneTimeTokenService())
            );
        return http.build();
    }
 }
@Component
 public class MagicLinkGeneratedOneTimeTokenHandler implements GeneratedOneTimeTokenSuccessHandler {
    // ...
 }
 ----
 Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
@Configuration
@EnableWebSecurity
 class SecurityConfig {
    @Bean
    open fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http {
            //...
            formLogin { }
            oneTimeTokenLogin {
                oneTimeTokenService = MyCustomOneTimeTokenService()
            }
        }
        return http.build()
    }
 }
@Component
 class MagicLinkGeneratedOneTimeTokenSuccessHandler : GeneratedOneTimeTokenHandler {
     // ...
 }
 ----
 ======