Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Code-based Spring Security Configuration

Tags:

spring-security

spring-java-config

I am trying to use Spring Security framework with a code-based configuration and I am following this tutorial.

I have the following code in my initializer for the filter:

FilterRegistration.Dynamic springSecurity = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
springSecurity.addMappingForUrlPatterns(null,true,"/*");

I think this is correct but I don't know how to implement the spring-security.xml like a bean in the @Configuration class.

like image 314
Enrique Fernández-Polo Avatar asked Jan 13 '12 10:01

Enrique Fernández-Polo

People also ask

How do we configure security in spring boot?

For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.

What is the difference between WebSecurity and HttpSecurity?

Summary. We can actually consider that WebSecurity is the only external outlet for Spring Security, while HttpSecurity is just the way internal security policies are defined; WebSecurity is aligned to FilterChainProxy , while HttpSecurity is aligned to SecurityFilterChain .

1 Answers

Update

There was a project that provided this: "Spring Security Java Config". It was merged into spring-security-config on December 16th, 2013.

From the README.MD:

The Spring Security Java configuration can now be found in spring-security-config-3.2.0.RELEASE+ as part of the Spring Security distribution.

Original

There currently is no easy way to do Spring Security configuration with Java configuration. You must know what the namespace does behind the scenes making it difficult and error prone. For this reason, I would recommend sticking with the Spring Security namespace configuration.

If you really want to do java configuration you can define all the beans manually. To do this you will need to understand the namespace configuration. The first place to look would be Luke blog post Behind the Spring Security namespace. If you get stuck I would refer to the source code of HttpSecurityBeanDefinitionParser

Last if you would like to be on extremely (unsupported) bleeding edge, you might consider the Spring Security Scala config project. Note that this project is a side project and has not been officially released (nor do I know of any plans to officially release it at this time). You can read details about it on the Spring Security Configuration with Scala blog post. This also details out why there is not Java configuration for Spring Security. You might also find the last portion of Getting Started with Spring Security 3.1 useful as it demos the use of the Spring Security scala configuration.

like image 50
Rob Winch Avatar answered Oct 05 '22 06:10

Rob Winch
Sign in to Comment

Related questions

Spring security @PreAuthorize hasRole() properties injection
Spring Security maxSession doesn't work
Spring Security OAuth - Full authentication is required to access this resource
Add CSS file to Spring Boot + Spring Security Thymeleaf file
Why do we need to call http.addFilterBefore() method in spring security configure(HttpSecurity http) method?
How to disable crsf protection in @WebFluxTest?
Is Spring ACL a good ACL implementation? [closed]
Default roles in Spring Security 3.1
Grails Spring Security UI, user and Role management access
Using ROLES in jhipster?
Get _csrf in spring controller
Keycloak spring security client credential grant
Spring Boot 2.0.0 + OAuth2
Spring Security login from controller
Adding a custom filter to be invoked after spring-security filter in a Servlet 3+ environment
Spring-Security: Return Status 401 When AuthenticationManager Throws BadCredentialsException
Handle UserRedirectRequiredException (A redirect is required to get the users approval)
Spring security DefaultHttpFirewall - The requestURI cannot contain encoded slash
AbstractWebSocketMessageBrokerConfigurer in Spring-Security deprecated - is there an alternative?
Group and acl on Spring Security

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!