Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What's the difference between 'configure' and 'configureGlobal' methods?

I'm playing around with Spring Security configuration and find out, that the most common way to configure in-memory authentication is using configureGlobal() method:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
    auth
      .inMemoryAuthentication()
        .withUser("user").password("userPwd").roles("USER");
  }
}

But there is another way, which is less widely used, overriding configure() method from WebSecurityConfigurerAdapter:

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .inMemoryAuthentication(
        .withUser("user").password("userPwd").roles("USER");
  }
}

I'm just wondering, what's the difference between them and what's the point of usage configureGlobal() method over configure() one?

like image 470
Nathaniele Eldritch Avatar asked Jan 26 '16 21:01

Nathaniele Eldritch


People also ask

What is Spring Security configuration?

This article is an introduction to Java configuration for Spring Security which enables users to easily configure Spring Security without the use of XML. Java configuration was added to the Spring framework in Spring 3.1 and extended to Spring Security in Spring 3.2 and is defined in a class annotated @Configuration.

What is anyRequest () authenticated ()?

anyRequest(). authenticated() is that any request must be authenticated otherwise my Spring app will return a 401 response.13-Apr-2018.

What is authorizeRequests () in Spring Security?

authorizeRequests() method each matcher is considered in the order they were declared. We specified multiple URL patterns that any user can access. Specifically, any user can access a request if the URL starts with "/resources/", equals "/signup", or equals "/about".

What is the use of AbstractSecurityWebApplicationInitializer?

AbstractSecurityWebApplicationInitializer. Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class. For example, a user might create a ContextLoaderListener using a subclass of AbstractContextLoaderInitializer .


2 Answers

This answer helped me.

Difference between registerGlobal(), configure(), configureGlobal(),configureGlobalSecurity in Spring security

If you already extend class like WebMvcConfiguratorAdapter, you have two choices for security settings.

  1. Using configureGlobal() method:

    • Single @Configuration class approach.
    • You can set security while maintaining your config class.
    • SpringWebConfig extends WebMvcConfigurerAdapter + @EnableWebSecurity
  2. Overriding configure() method:

    • Specific security @Configuration class.
    • You must create a new config class to extend WebSecurityConfiguratorAdapter for security setup.
    • MySecurityConfig extends WebSecurityConfigurerAdapter
like image 200
Shinwook Chae Avatar answered Sep 28 '22 03:09

Shinwook Chae


As the spring security doc says:

The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either @EnableWebSecurity, @EnableGlobalMethodSecurity, or @EnableGlobalAuthentication. Doing otherwise has unpredictable results.

like image 45
Ali Dehghani Avatar answered Sep 28 '22 03:09

Ali Dehghani