Configure Swagger
Spring Security provides a dedicated WebApplicationInitializer to initialize the Spring Security facilities.
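    import org.springframework.core.annotation.Order;
    import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

    @Order(1)
    public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
    }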
Similar to AbstractAnnotationConfigDispatcherServletInitializer, it is a WebApplicationInitializer implementation, and it already configures the Spring Security filter chain for you.
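    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        // Static resources bypass the security filter chain entirely.
        @Override
        public void configure(WebSecurity web) throws Exception {
            web
                .ignoring()
                .antMatchers("/**/*.html",
                        "/css/**",
                        "/js/**",
                        "/i18n/**",
                        "/libs/**",
                        "/img/**",
                        "/webjars/**",
                        "/ico/**");
        }

        // /api/** requires an authenticated user; everything else is open.
        // The API is stateless (no HTTP session) and uses HTTP Basic,
        // so CSRF protection is switched off.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/api/**")
                    .authenticated()
                .and()
                .authorizeRequests()
                    .anyRequest()
                    .permitAll()
                .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .httpBasic()
                .and()
                .csrf()
                    .disable();
        }

        // Two in-memory demo users. Stored passwords must be in the encoder's
        // format, so they are encoded at startup.
        @Override
        protected void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("admin").password(passwordEncoder().encode("test123")).authorities("ROLE_ADMIN")
                .and()
                .withUser("test").password(passwordEncoder().encode("test123")).authorities("ROLE_USER");
        }

        // The page does not show passwordEncoder(); BCrypt is assumed here.
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Bean
        @Override
        public UserDetailsService userDetailsServiceBean() throws Exception {
            return super.userDetailsServiceBean();
        }
    }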
AuthenticationManagerBuilder is the simplest entry point for configuring the essential security requirements. In-memory authentication is frequently used for demonstration or test purposes. In a real-world project, it is better to implement a UserDetailsService that loads users from a database.
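One way to implement such a UserDetailsService, as an added example that is not part of the original page. The class name JdbcUserDetailsService and the users table (username, password_hash, role, enabled) are assumptions, and password_hash is expected to hold values produced by the same PasswordEncoder the configuration uses.

```java
import java.util.Collections;
import java.util.List;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical class: loads one user row per login attempt.
public class JdbcUserDetailsService implements UserDetailsService {

    // Assumed schema: users(username, password_hash, role, enabled).
    // The username is bound as a parameter, never concatenated into the SQL.
    private static final String FIND_USER =
            "SELECT username, password_hash, role, enabled FROM users WHERE username = ?";

    private final JdbcTemplate jdbc;

    public JdbcUserDetailsService(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<UserDetails> found = jdbc.query(FIND_USER,
                (rs, rowNum) -> new User(
                        rs.getString("username"),
                        rs.getString("password_hash"),   // stored hash, e.g. BCrypt
                        rs.getBoolean("enabled"),        // disabled accounts are rejected
                        true, true, true,                // not expired, credentials valid, not locked
                        Collections.singletonList(
                                new SimpleGrantedAuthority(rs.getString("role")))),
                username);
        if (found.isEmpty()) {
            // Generic message: do not echo the submitted username back.
            throw new UsernameNotFoundException("User not found");
        }
        return found.get(0);
    }
}
```

To use it, replace the auth.inMemoryAuthentication() chain in SecurityConfig with auth.userDetailsService(new JdbcUserDetailsService(jdbcTemplate)).passwordEncoder(passwordEncoder()), where jdbcTemplate is a JdbcTemplate bean you provide.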