How to add Spring WebSecurityConfig to an existing project
I need to add the WebSecurityConfig to the application context adding this line in the main class declaration:
...
@Import(WebSecurityConfig.class)
public class Application {
...
Another thing that I did is upgrade SpringBoot to 1.4.3.RELEASE
and put the main application to root folder:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.4.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
The tree will be, for example:
└── com
└── app
├── Application.java
└── config
└── WebSecurityConfig.java
This automatically load all @Configuration
in son folders.
selan
Updated on June 04, 2022Comments
-
selan almost 2 years
I want to add to a an existing spring REST api project a simply configuration for WebSecurityConfigurerAdapter to test it. But when spring starts it doesn't load the configuration. Maybe I need to add it to the application context but I don't know how to do it.
If I make a
curl localhost:8080/
always get an unauthorized response, so I think that is not loading the configuration, why it is? Or, how I should load it? In all the diversed projects that I saw on github, they never do special things to load it! Its maybe because its loading an embbeded servlet first?This is the simple web security configuration:
@SuppressWarnings("SpringJavaAutowiringInspection") @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { authenticationManagerBuilder .userDetailsService(this.userDetailsService) .passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity // we don't need CSRF because our token is invulnerable .csrf().disable() // don't create session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests() //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll() // allow anonymous resource requests .antMatchers( HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/**" ).permitAll() .antMatchers("/auth/**").permitAll() .anyRequest().authenticated(); // disable page caching httpSecurity.headers().cacheControl(); } }
And this is my Application
@Configuration @EnableConfigurationProperties @ComponentScan(basePackageClasses = SimpleCORSFilter.class) @EnableAutoConfiguration org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class}) @EntityScan(basePackages = "com.thing.model") @RestController public class Application { @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter(); registrationBean.setFilter(characterEncodingFilter); characterEncodingFilter.setEncoding("UTF-8"); characterEncodingFilter.setForceEncoding(true); registrationBean.setOrder(Integer.MIN_VALUE); registrationBean.addUrlPatterns("/*"); return registrationBean; } public static void main(String[] args) { SpringApplication application = new SpringApplication(Application.class); SpringApplication.run(Application.class, args); } @RequestMapping("/") public String home() { return "Hello World"; }
pom.xml dependencies
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.geotools</groupId> <artifactId>gt-referencing</artifactId> <version>8.2</version> <type>jar</type> </dependency> <dependency> <groupId>org.jsoup</groupId> <artifactId>jsoup</artifactId> <version>1.7.2</version> <type>jar</type> </dependency> <dependency> <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> <version>9.3-1102-jdbc41</version> </dependency> <dependency> <groupId>org.yaml</groupId> <artifactId>snakeyaml</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>