SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder
This commit is contained in:
Rob Winch
parent
e50b587d60
commit
0978c12c47
|
|
@ -16,6 +16,9 @@
|
|||
package org.springframework.security.config.annotation.web.configuration;
|
||||
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
|
|
@ -269,7 +272,8 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
|
|||
* @see {@link #userDetailsService()}
|
||||
*/
|
||||
public UserDetailsService userDetailsServiceBean() throws Exception {
|
||||
return new UserDetailsServiceDelegator(parentAuthenticationBuilder);
|
||||
AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
|
||||
return new UserDetailsServiceDelegator(Arrays.asList(parentAuthenticationBuilder, globalAuthBuilder));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -281,7 +285,8 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
|
|||
* @return
|
||||
*/
|
||||
protected UserDetailsService userDetailsService() {
|
||||
return parentAuthenticationBuilder.getDefaultUserDetailsService();
|
||||
AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
|
||||
return new UserDetailsServiceDelegator(Arrays.asList(parentAuthenticationBuilder, globalAuthBuilder));
|
||||
}
|
||||
|
||||
public void init(final WebSecurity web) throws Exception {
|
||||
|
|
@ -362,12 +367,12 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
|
|||
* @since 3.2
|
||||
*/
|
||||
static final class UserDetailsServiceDelegator implements UserDetailsService {
|
||||
private AuthenticationManagerBuilder delegateBuilder;
|
||||
private List<AuthenticationManagerBuilder> delegateBuilders;
|
||||
private UserDetailsService delegate;
|
||||
private final Object delegateMonitor = new Object();
|
||||
|
||||
UserDetailsServiceDelegator(AuthenticationManagerBuilder authentication) {
|
||||
this.delegateBuilder = authentication;
|
||||
UserDetailsServiceDelegator(List<AuthenticationManagerBuilder> delegateBuilders) {
|
||||
this.delegateBuilders = delegateBuilders;
|
||||
}
|
||||
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
|
|
@ -377,8 +382,17 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
|
|||
|
||||
synchronized(delegateMonitor) {
|
||||
if (delegate == null) {
|
||||
delegate = this.delegateBuilder.getDefaultUserDetailsService();
|
||||
this.delegateBuilder = null;
|
||||
for(AuthenticationManagerBuilder delegateBuilder : delegateBuilders) {
|
||||
delegate = delegateBuilder.getDefaultUserDetailsService();
|
||||
if(delegate != null) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if(delegate == null) {
|
||||
throw new IllegalStateException("UserDetailsService is required.");
|
||||
}
|
||||
this.delegateBuilders = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -69,10 +69,10 @@ abstract class BaseSpringSpec extends Specification {
|
|||
setupCsrf()
|
||||
}
|
||||
|
||||
def setupCsrf(csrfTokenValue="BaseSpringSpec_CSRFTOKEN") {
|
||||
def setupCsrf(csrfTokenValue="BaseSpringSpec_CSRFTOKEN",req=request,resp=response) {
|
||||
csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN","_csrf",csrfTokenValue)
|
||||
new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request,response)
|
||||
request.setParameter(csrfToken.parameterName, csrfToken.token)
|
||||
new HttpSessionCsrfTokenRepository().saveToken(csrfToken, req, resp)
|
||||
req.setParameter(csrfToken.parameterName, csrfToken.token)
|
||||
}
|
||||
|
||||
AuthenticationManagerBuilder authenticationBldr = new AuthenticationManagerBuilder(ObjectPostProcessor.QUIESCENT_POSTPROCESSOR).inMemoryAuthentication().and()
|
||||
|
|
|
|||
|
|
@ -283,10 +283,12 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
|
|||
def "http/remember-me defaults UserDetailsService with custom UserDetailsService"() {
|
||||
setup:
|
||||
DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = Mock(UserDetailsService)
|
||||
when: "use secure cookies not specified"
|
||||
loadConfig(DefaultsUserDetailsServiceWithDaoConfig)
|
||||
when:
|
||||
request.setCookies(createRememberMeCookie())
|
||||
springSecurityFilterChain.doFilter(request, response, chain)
|
||||
then: "RememberMeServices defaults to the custom UserDetailsService"
|
||||
ReflectionTestUtils.getField(findFilter(RememberMeAuthenticationFilter).rememberMeServices, "userDetailsService") == DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE
|
||||
1 * DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE.loadUserByUsername("user")
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
|
@ -329,6 +331,20 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
|
|||
}
|
||||
}
|
||||
|
||||
Cookie createRememberMeCookie() {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest()
|
||||
MockHttpServletResponse response = new MockHttpServletResponse()
|
||||
super.setupCsrf("CSRF_TOKEN", request, response)
|
||||
|
||||
MockFilterChain chain = new MockFilterChain()
|
||||
request.servletPath = "/login"
|
||||
request.method = "POST"
|
||||
request.parameters.username = ["user"] as String[]
|
||||
request.parameters.password = ["password"] as String[]
|
||||
request.parameters.'remember-me' = ["true"] as String[]
|
||||
springSecurityFilterChain.doFilter(request, response, chain)
|
||||
response.getCookie("remember-me")
|
||||
}
|
||||
|
||||
Cookie getRememberMeCookie(String cookieName="remember-me") {
|
||||
response.getCookie(cookieName)
|
||||
|
|
|
|||
|
|
@ -15,15 +15,31 @@
|
|||
*/
|
||||
package org.springframework.security.config.annotation.web.configurers
|
||||
|
||||
import javax.servlet.http.Cookie
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.mock.web.MockFilterChain
|
||||
import org.springframework.mock.web.MockHttpServletRequest
|
||||
import org.springframework.mock.web.MockHttpServletResponse
|
||||
import org.springframework.mock.web.MockHttpSession
|
||||
import org.springframework.security.authentication.RememberMeAuthenticationToken
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.AnyObjectPostProcessor
|
||||
import org.springframework.security.config.annotation.BaseSpringSpec
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
|
||||
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
|
||||
import org.springframework.security.web.context.HttpRequestResponseHolder
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
|
||||
|
||||
/**
|
||||
* Tests for RememberMeConfigurer that flex edge cases. {@link NamespaceRememberMeTests} demonstrate mapping of the XML namespace to Java Config.
|
||||
|
|
@ -33,11 +49,14 @@ import org.springframework.security.web.authentication.rememberme.RememberMeAuth
|
|||
public class RememberMeConfigurerTests extends BaseSpringSpec {
|
||||
|
||||
def "rememberMe() null UserDetailsService provides meaningful error"() {
|
||||
when: "Load Config without UserDetailsService specified"
|
||||
setup: "Load Config without UserDetailsService specified"
|
||||
loadConfig(NullUserDetailsConfig)
|
||||
when:
|
||||
request.setCookies(createRememberMeCookie())
|
||||
springSecurityFilterChain.doFilter(request, response, chain)
|
||||
then: "A good error message is provided"
|
||||
Exception success = thrown()
|
||||
success.message.contains "Invoke RememberMeConfigurer#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches."
|
||||
success.message.contains "UserDetailsService is required"
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
|
|
@ -52,6 +71,16 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
|
|||
.and()
|
||||
.rememberMe()
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(AuthenticationManagerBuilder auth)
|
||||
throws Exception {
|
||||
User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))
|
||||
DaoAuthenticationProvider provider = new DaoAuthenticationProvider()
|
||||
provider.userDetailsService = new InMemoryUserDetailsManager([user])
|
||||
auth
|
||||
.authenticationProvider(provider)
|
||||
}
|
||||
}
|
||||
|
||||
def "rememberMe ObjectPostProcessor"() {
|
||||
|
|
@ -84,4 +113,89 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
|
|||
then: "RememberMeAuthenticationFilter is registered with LifecycleManager"
|
||||
http.getConfigurer(RememberMeConfigurer).userDetailsService != null
|
||||
}
|
||||
|
||||
|
||||
def "http/remember-me with Global AuthenticationManagerBuilder"() {
|
||||
setup:
|
||||
loadConfig(RememberMeConfig)
|
||||
when: "login with remember me"
|
||||
super.setup()
|
||||
request.servletPath = "/login"
|
||||
request.method = "POST"
|
||||
request.parameters.username = ["user"] as String[]
|
||||
request.parameters.password = ["password"] as String[]
|
||||
request.parameters.'remember-me' = ["true"] as String[]
|
||||
springSecurityFilterChain.doFilter(request,response,chain)
|
||||
Cookie rememberMeCookie = getRememberMeCookie()
|
||||
then: "response contains remember me cookie"
|
||||
rememberMeCookie != null
|
||||
when: "session expires"
|
||||
super.setup()
|
||||
request.setCookies(rememberMeCookie)
|
||||
request.requestURI = "/abc"
|
||||
springSecurityFilterChain.doFilter(request,response,chain)
|
||||
MockHttpSession session = request.getSession()
|
||||
then: "initialized to RememberMeAuthenticationToken"
|
||||
SecurityContext context = new HttpSessionSecurityContextRepository().loadContext(new HttpRequestResponseHolder(request, response))
|
||||
context.getAuthentication() instanceof RememberMeAuthenticationToken
|
||||
when: "logout"
|
||||
super.setup()
|
||||
request.setSession(session)
|
||||
super.setupCsrf()
|
||||
request.setCookies(rememberMeCookie)
|
||||
request.servletPath = "/logout"
|
||||
request.method = "POST"
|
||||
springSecurityFilterChain.doFilter(request,response,chain)
|
||||
rememberMeCookie = getRememberMeCookie()
|
||||
then: "logout cookie expired"
|
||||
response.getRedirectedUrl() == "/login?logout"
|
||||
rememberMeCookie.maxAge == 0
|
||||
when: "use remember me after logout"
|
||||
super.setup()
|
||||
request.setCookies(rememberMeCookie)
|
||||
request.requestURI = "/abc"
|
||||
springSecurityFilterChain.doFilter(request,response,chain)
|
||||
then: "sent to default login page"
|
||||
response.getRedirectedUrl() == "http://localhost/login"
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class RememberMeConfig extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.anyRequest().hasRole("USER")
|
||||
.and()
|
||||
.formLogin()
|
||||
.and()
|
||||
.rememberMe()
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
.withUser("user").password("password").roles("USER");
|
||||
}
|
||||
}
|
||||
|
||||
Cookie createRememberMeCookie() {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest()
|
||||
MockHttpServletResponse response = new MockHttpServletResponse()
|
||||
super.setupCsrf("CSRF_TOKEN", request, response)
|
||||
|
||||
MockFilterChain chain = new MockFilterChain()
|
||||
request.servletPath = "/login"
|
||||
request.method = "POST"
|
||||
request.parameters.username = ["user"] as String[]
|
||||
request.parameters.password = ["password"] as String[]
|
||||
request.parameters.'remember-me' = ["true"] as String[]
|
||||
springSecurityFilterChain.doFilter(request, response, chain)
|
||||
response.getCookie("remember-me")
|
||||
}
|
||||
|
||||
Cookie getRememberMeCookie(String cookieName="remember-me") {
|
||||
response.getCookie(cookieName)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ Before securing your application, it is important to ensure that the existing ap
|
|||
|
||||
=== Updating your dependencies
|
||||
|
||||
You will need to ensure you have added the dependencies. Spring Security milestones and release canidates are available in the https://github.com/SpringSource/spring-framework/wiki/SpringSource-repository-FAQ[Spring Milestone Repository]. In short, if you are using Maven and using a milestone or release canidate ensure you have the following repository in your pom.xml:
|
||||
You will need to ensure you have added the dependencies. Spring Security milestones and release candidates are available in the https://github.com/SpringSource/spring-framework/wiki/SpringSource-repository-FAQ[Spring Milestone Repository]. In short, if you are using Maven and using a milestone or release candidates ensure you have the following repository in your pom.xml:
|
||||
|
||||
.pom.xml
|
||||
[source,xml]
|
||||
|
|
@ -63,6 +63,8 @@ The next step is to create a Spring Security configuration.
|
|||
----
|
||||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
import org.springframework.context.annotation.*;
|
||||
import org.springframework.security.config.annotation.authentication.builders.*;
|
||||
import org.springframework.security.config.annotation.web.configuration.*;
|
||||
|
|
@ -71,8 +73,8 @@ import org.springframework.security.config.annotation.web.configuration.*;
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
.withUser("user").password("password").roles("USER");
|
||||
|
|
@ -80,14 +82,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
}
|
||||
----
|
||||
|
||||
|
||||
[[servlet-api-integration]]
|
||||
The <<security-config-java,`SecurityConfig`>> will:
|
||||
|
||||
* Require authentication to every URL in your application
|
||||
* Generate a login form for you
|
||||
* Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication
|
||||
* Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with HTTP basic authentication
|
||||
* Allow the user to logout
|
||||
* http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention
|
||||
* http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -21,8 +20,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.antMatchers("/resources/**");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
|
|
@ -30,13 +29,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.withUser("admin").password("password").roles("USER", "ADMIN");
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
public AuthenticationManager authenticationManagerBean()
|
||||
throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(
|
||||
HttpSecurity http) throws Exception {
|
||||
|
|
|
|||
|
|
@ -1,9 +1,11 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.context.annotation.*;
|
||||
import org.springframework.security.config.annotation.authentication.builders.*;
|
||||
import org.springframework.security.config.annotation.web.builders.*;
|
||||
import org.springframework.security.config.annotation.web.configuration.*;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
|
|
@ -24,8 +26,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.permitAll();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
|
@ -9,8 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
|
@ -9,8 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.* ;
|
||||
import org.springframework.security.config.annotation.web.configuration.*;
|
||||
|
|
@ -8,8 +9,8 @@ import org.springframework.security.config.annotation.web.configuration.*;
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
.withUser("user").password("password").roles("USER");
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -10,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Autowired
|
||||
private DataSource dataSource;
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.jdbcAuthentication()
|
||||
.dataSource(dataSource)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -9,8 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.ldapAuthentication()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -10,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.samples.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -10,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(AuthenticationManagerBuilder auth)
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth)
|
||||
throws Exception {
|
||||
auth.
|
||||
inMemoryAuthentication()
|
||||
|
|
|
|||
Loading…
Reference in New Issue