Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Code-based Spring Security Configuration

I am trying to use Spring Security framework with a code-based configuration and I am following this tutorial.

I have the following code in my initializer for the filter:

FilterRegistration.Dynamic springSecurity = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
springSecurity.addMappingForUrlPatterns(null,true,"/*");

I think this is correct but I don't know how to implement the spring-security.xml like a bean in the @Configuration class.

like image 314
Enrique Fernández-Polo Avatar asked Jan 13 '12 10:01

Enrique Fernández-Polo


People also ask

How do we configure security in spring boot?

For adding a Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency in our build configuration file. Maven users can add the following dependency in the pom. xml file. Gradle users can add the following dependency in the build.

What is the difference between WebSecurity and HttpSecurity?

Summary. We can actually consider that WebSecurity is the only external outlet for Spring Security, while HttpSecurity is just the way internal security policies are defined; WebSecurity is aligned to FilterChainProxy , while HttpSecurity is aligned to SecurityFilterChain .


1 Answers

Update

There was a project that provided this: "Spring Security Java Config". It was merged into spring-security-config on December 16th, 2013.

From the README.MD:

The Spring Security Java configuration can now be found in spring-security-config-3.2.0.RELEASE+ as part of the Spring Security distribution.


Original

There currently is no easy way to do Spring Security configuration with Java configuration. You must know what the namespace does behind the scenes making it difficult and error prone. For this reason, I would recommend sticking with the Spring Security namespace configuration.

If you really want to do java configuration you can define all the beans manually. To do this you will need to understand the namespace configuration. The first place to look would be Luke blog post Behind the Spring Security namespace. If you get stuck I would refer to the source code of HttpSecurityBeanDefinitionParser

Last if you would like to be on extremely (unsupported) bleeding edge, you might consider the Spring Security Scala config project. Note that this project is a side project and has not been officially released (nor do I know of any plans to officially release it at this time). You can read details about it on the Spring Security Configuration with Scala blog post. This also details out why there is not Java configuration for Spring Security. You might also find the last portion of Getting Started with Spring Security 3.1 useful as it demos the use of the Spring Security scala configuration.

like image 50
Rob Winch Avatar answered Oct 05 '22 06:10

Rob Winch