I've been using Spring Boot for some projects lately and I really like it. For a new project, we'd like to use tomcat-users.xml for really basic authentication, but I can't figure out how to use the mechanism without a web.xml file. Most people using Spring Boot seem to be using Spring Security.
Is it possible to use Tomcat container security with the Spring Boot Java config model? I understand this breaks the runnable JAR paradigm, but we're planning to deploy this as a WAR anyway.
To add Spring Security to a Spring Boot application, add the Spring Boot Starter Security dependency to the build configuration file. Maven users can add the following dependency in the pom.xml file. Gradle users can add the following dependency in the build.
Spring Boot provides a spring-boot-starter-security starter that aggregates Spring Security related dependencies together. The simplest and preferred method to use the starter is to use Spring Initializr by using an IDE integration (Eclipse, IntelliJ, NetBeans) or through start.spring.io.
The Spring Boot starters (spring-boot-starter-web in particular) use Tomcat as an embedded container by default.
From the official Spring doc:
WEB-INF/web.xml and WebApplicationInitializer use are not mutually exclusive; for example, web.xml can register one servlet, and a WebApplicationInitializer can register another. An initializer can even modify registrations performed in web.xml through methods such as ServletContext.getServletRegistration(String). However, if WEB-INF/web.xml is present in the application, its version attribute must be set to "3.0" or greater, otherwise ServletContainerInitializer bootstrapping will be ignored by the servlet container.
So, I solved it with both WebApplicationInitializer (SpringBootServletInitializer extends WebApplicationInitializer) and web.xml.
Spring Boot Java Config Class:
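```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
// Package for Spring Boot 2.x and later; earlier releases ship this class in a different package.
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;

@SpringBootApplication
public class MyApplication extends SpringBootServletInitializer {
    // Called by the servlet container when the application is deployed as a WAR.
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(MyApplication.class);
    }

    // Entry point when the application is started directly.
    public static void main(String[] args) {
        SpringApplication.run(MyApplication.class, args);
    }
    //...
}
```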
web.xml:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         metadata-complete="false" version="3.0">
    <display-name>My Awesome Application</display-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>My Awesome Resource Name</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- Because http-method elements are listed, this constraint applies only to
                 GET, POST, PUT and DELETE; requests using other methods are not covered by it.
                 Without any http-method element the constraint applies to every method. -->
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>myawesomerole</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
</web-app>
```
See also: Using Tomcat Basic Auth with new WebApplicationInitializer
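A static check over a descriptor like the one in the answer, as an added example (not part of the original post and not Spring or Tomcat code): it flags a `version` below 3.0, constraints that name only some HTTP methods, and BASIC login without a CONFIDENTIAL transport guarantee. The function name, finding codes and sample string are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}  # namespace of the web.xml above

# Constructed sample: the answer's descriptor, trimmed (not read from a real deployment).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My Awesome Resource Name</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>myawesomerole</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def audit_web_xml(xml_text):
    """Return (code, detail) findings for a javaee-namespace web.xml string."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    try:
        version = float(root.get("version", "0"))
    except ValueError:
        version = 0.0
    if version < 3.0:  # below 3.0 ServletContainerInitializer bootstrapping is ignored
        findings.append(("OLD_VERSION", root.get("version", "missing")))
    basic = root.findtext("ee:login-config/ee:auth-method", "", NS).strip() == "BASIC"
    for sc in root.findall("ee:security-constraint", NS):
        patterns = [(p.text or "").strip() for p in sc.findall(".//ee:url-pattern", NS)]
        methods = [(m.text or "").strip() for m in sc.findall(".//ee:http-method", NS)]
        if sc.find("ee:auth-constraint", NS) is not None and methods:
            # Listed methods narrow the constraint; unlisted ones are not covered by it.
            findings.append(("PARTIAL_METHOD_COVERAGE", f"{patterns}: only {methods}"))
        guarantee = sc.findtext("ee:user-data-constraint/ee:transport-guarantee", "", NS)
        if basic and guarantee.strip() != "CONFIDENTIAL":
            # BASIC sends base64-encoded credentials; this constraint does not require TLS.
            findings.append(("BASIC_WITHOUT_TLS", f"{patterns}: no CONFIDENTIAL guarantee"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_web_xml(SAMPLE):
        print(code, detail)
```

A descriptor with no `http-method` elements and a `user-data-constraint` whose `transport-guarantee` is CONFIDENTIAL produces no findings.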