Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the difference between 'configure' and 'configureGlobal' methods?

Tags:

java

spring

spring-security

I'm playing around with Spring Security configuration and find out, that the most common way to configure in-memory authentication is using configureGlobal() method:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
    auth
      .inMemoryAuthentication()
        .withUser("user").password("userPwd").roles("USER");
  }
}

But there is another way, which is less widely used, overriding configure() method from WebSecurityConfigurerAdapter:

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .inMemoryAuthentication(
        .withUser("user").password("userPwd").roles("USER");
  }
}

I'm just wondering, what's the difference between them and what's the point of usage configureGlobal() method over configure() one?

like image 470
Nathaniele Eldritch Avatar asked Jan 26 '16 21:01

Nathaniele Eldritch

People also ask

What is Spring Security configuration?

This article is an introduction to Java configuration for Spring Security which enables users to easily configure Spring Security without the use of XML. Java configuration was added to the Spring framework in Spring 3.1 and extended to Spring Security in Spring 3.2 and is defined in a class annotated @Configuration.

What is anyRequest () authenticated ()?

anyRequest(). authenticated() is that any request must be authenticated otherwise my Spring app will return a 401 response.13-Apr-2018.

What is authorizeRequests () in Spring Security?

authorizeRequests() method each matcher is considered in the order they were declared. We specified multiple URL patterns that any user can access. Specifically, any user can access a request if the URL starts with "/resources/", equals "/signup", or equals "/about".

What is the use of AbstractSecurityWebApplicationInitializer?

AbstractSecurityWebApplicationInitializer. Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class. For example, a user might create a ContextLoaderListener using a subclass of AbstractContextLoaderInitializer .

2 Answers

This answer helped me.

Difference between registerGlobal(), configure(), configureGlobal(),configureGlobalSecurity in Spring security

If you already extend class like WebMvcConfiguratorAdapter, you have two choices for security settings.

  1. Using configureGlobal() method:

    • Single @Configuration class approach.
    • You can set security while maintaining your config class.
    • SpringWebConfig extends WebMvcConfigurerAdapter + @EnableWebSecurity

  2. Overriding configure() method:

    • Specific security @Configuration class.
    • You must create a new config class to extend WebSecurityConfiguratorAdapter for security setup.
    • MySecurityConfig extends WebSecurityConfigurerAdapter
like image 200
Shinwook Chae Avatar answered Sep 28 '22 03:09

Shinwook Chae

As the spring security doc says:

The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either @EnableWebSecurity, @EnableGlobalMethodSecurity, or @EnableGlobalAuthentication. Doing otherwise has unpredictable results.

like image 45
Ali Dehghani Avatar answered Sep 28 '22 03:09

Ali Dehghani
Sign in to Comment

Related questions

What is the Spring equivalent to FactoryModuleBuilder, @AssistedInject, and @Assisted in Guice?
Is this esoteric generics error a compiler bug or a new restriction? (inferred type does not conform to upper bounds)
System.out.println in android test
Draw multi object diagram in fragment
Converting Spring task XML configuration to code configuration
Parsing multiple sentences with MaltParser using NLTK
missing rows with empty value in hibernate query
JimFS: how to get File from Path
"folder has not yet been created" error when using JUnit temporary folder in testclass
Explain behaviors in mapping auto incremented composite id sequence with Hibernate
Kotlin Code compiled to Jar to be used for Java Project?
How do I remove certain HTTP headers added by Spring's RestTemplate?
Making N sequential api calls using RxJava and Retrofit
Remove .html extension using Google Appengine with Java
Download files from Google Storage using Java
Java : Compare, mark and interpret HTML texts in Java
JavaFx Could not load @font-face font because of com.sun.javafx.css.StyleManager loadStylesheetUnPrivileged
Modify @OneToMany entity in Spring Data Rest without its repository
How to cache server results in GWT with guava?
Should I return CompletableFuture or Future when defining API?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!