@ -112,7 +112,7 @@ public class SecurityWebApplicationInitializer
@@ -112,7 +112,7 @@ public class SecurityWebApplicationInitializer
}
----
This onlys register the `springSecurityFilterChain` for every URL in your application.
This only registers the `springSecurityFilterChain` for every URL in your application.
After that, we need to ensure that `WebSecurityConfig` was loaded in our existing `ApplicationInitializer`.
For example, if we use Spring MVC it is added in the `getServletConfigClasses()`:
@ -131,7 +131,7 @@ public class MvcWebApplicationInitializer extends
@@ -131,7 +131,7 @@ public class MvcWebApplicationInitializer extends
}
----
The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#_request_matchers[underlying request matchers], so they need to be in the same application context.
The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#authorizing-endpoints[underlying request matchers], so they need to be in the same application context.
Placing Spring Security in `getRootConfigClasses` places it into a parent application context that may not be able to find Spring MVC's `HandlerMappingIntrospector`.
==== Configuring for Multiple Spring MVC Dispatchers
@ -203,7 +203,7 @@ Note that this configuration is parallels the XML Namespace configuration:
@@ -203,7 +203,7 @@ Note that this configuration is parallels the XML Namespace configuration:
We can configure multiple `HttpSecurity` instances just as we can have multiple `<http>` blocks in XML.
The key is to register multiple `SecurityFilterChain` ``@Bean``s.
The following example has a different configuration for URL's that start with `/api/`.
The following example has a different configuration for URLs that start with `/api/`.
[source,java]
----
@ -224,7 +224,7 @@ public class MultiHttpSecurityConfig {
@@ -224,7 +224,7 @@ public class MultiHttpSecurityConfig {
@Order(1) <2>
public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
open fun filterChain(http: HttpSecurity): SecurityFilterChain {
http {
http {
authorizeHttpRequests {
authorize(anyRequest, authenticated)
}
formLogin { }
httpBasic { }
formLogin { }
httpBasic { }
}
return http.build()
}
----
[NOTE]
Make sure that import the `invoke` function in your class, sometimes the IDE will not auto-import it causing compilation issues.
Make sure to import the `invoke` function in your class, as the IDE will not always auto-import the method, causing compilation issues.
The default configuration (shown in the preceding listing):
@ -43,7 +44,7 @@ The default configuration (shown in the preceding listing):
@@ -43,7 +44,7 @@ The default configuration (shown in the preceding listing):
* Lets users authenticate with form-based login
* Lets users authenticate with HTTP Basic authentication
Note that this configuration is parallels the XML namespace configuration:
Note that this configuration parallels the XML namespace configuration:
[source,xml]
----
@ -58,13 +59,13 @@ Note that this configuration is parallels the XML namespace configuration:
@@ -58,13 +59,13 @@ Note that this configuration is parallels the XML namespace configuration:
We can configure multiple `HttpSecurity` instances, just as we can have multiple `<http>` blocks.
The key is to register multiple `SecurityFilterChain` ``@Bean``s.
The following example has a different configuration for URL's that start with `/api/`:
The following example has a different configuration for URLs that start with `/api/`:
Steve Riesenberg
2 years ago