Code-based Spring Security Configuration
https://stackoverflow.com/questions/8849162
-
27-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to use Spring Security framework with a code-based configuration and I am following this tutorial.
I have the following code in my initializer for the filter:
FilterRegistration.Dynamic springSecurity = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
springSecurity.addMappingForUrlPatterns(null,true,"/*");
I think this is correct but I don't know how to implement the spring-security.xml like a bean in the @Configuration class.
Solution
Update
There was a project that provided this: "Spring Security Java Config". It was merged into spring-security-config on December 16th, 2013.
From the README.MD:
The Spring Security Java configuration can now be found in spring-security-config-3.2.0.RELEASE+ as part of the Spring Security distribution.
Original
There currently is no easy way to do Spring Security configuration with Java configuration. You must know what the namespace does behind the scenes making it difficult and error prone. For this reason, I would recommend sticking with the Spring Security namespace configuration.
If you really want to do java configuration you can define all the beans manually. To do this you will need to understand the namespace configuration. The first place to look would be Luke blog post Behind the Spring Security namespace. If you get stuck I would refer to the source code of HttpSecurityBeanDefinitionParser
Last if you would like to be on extremely (unsupported) bleeding edge, you might consider the Spring Security Scala config project. Note that this project is a side project and has not been officially released (nor do I know of any plans to officially release it at this time). You can read details about it on the Spring Security Configuration with Scala blog post. This also details out why there is not Java configuration for Spring Security. You might also find the last portion of Getting Started with Spring Security 3.1 useful as it demos the use of the Spring Security scala configuration.
OTHER TIPS
I recently scratched my own itch; being able to instantiate a Security Filter programmatically. So I put together what I call "summer security". It's a rudimentary replacement for Spring Security. If you only need sessions, form login/logout and http basic auth it could do the trick for you.
https://github.com/hencjo/summer-security
It's in Maven Central.
