Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-05 00:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Spring MVC Docs

Browse Source 
Closes gh-14220
This commit is contained in:
Josh Cummings 2023-12-01 10:19:28 -07:00
parent c623303ca5
commit c336ca49fb
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
docs/modules/ROOT/pages/servlet/configuration/java.adoc
View File

@ -112,7 +112,7 @@ public class SecurityWebApplicationInitializer
This would simply only register the springSecurityFilterChain Filter for every URL in your application. This would simply only register the springSecurityFilterChain Filter for every URL in your application.
After that we would ensure that `WebSecurityConfig` was loaded in our existing ApplicationInitializer. After that we would ensure that `WebSecurityConfig` was loaded in our existing ApplicationInitializer.
For example, if we were using Spring MVC it would be added in the `getRootConfigClasses()` For example, if we were using Spring MVC it would be added in the `getServletConfigClasses()`
[[message-web-application-inititializer-java]] [[message-web-application-inititializer-java]]
[source,java] [source,java]
@ -121,14 +121,42 @@ public class MvcWebApplicationInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer { AbstractAnnotationConfigDispatcherServletInitializer {
@Override @Override
protected Class<?>[] getRootConfigClasses() { protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebSecurityConfig.class }; return new Class[] { WebSecurityConfig.class, WebMvcConfig.class };
} }
// ... other overrides ... // ... other overrides ...
} }
---- ----
The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#_request_matchers[underlying request matchers], so they need to be in the same application context.
Placing Spring Security in `getRootConfigClasses` places it into a parent application context that may not be able to find Spring MVC's `HandlerMappingIntrospector`.
==== Configuring for Multiple Spring MVC Dispatchers
If desired, any Spring Security configuration that is unrelated to Spring MVC may be placed in a different configuration class like so:
[source,java]
----
public class MvcWebApplicationInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { NonWebSecurityConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebSecurityConfig.class, WebMvcConfig.class };
}
// ... other overrides ...
}
----
This can be helpful if you have multiple instances of `AbstractAnnotationConfigDispatcherServletInitializer` and don't want to duplicate the general security configuration across both of them.
[[jc-httpsecurity]] [[jc-httpsecurity]]
== HttpSecurity == HttpSecurity