Fix secure method configuration global authentication

This fixes a bug in the sample, where the AuthenticationManager it builds
is a local one for the filter chain containing "/login", whereas it was
expecting to override the Boot default, which is "global". The fix is
to extract the authentication configuration out into a
GlobalAuthenticationConfigurerAdapter.

Fixes gh-699
This commit is contained in:
Dave Syer
2014-04-20 10:18:04 -07:00
parent e4b8e174e8
commit 0aa93036fa
2 changed files with 23 additions and 11 deletions

View File

@@ -23,10 +23,12 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -70,17 +72,22 @@ public class SampleMethodSecurityApplication extends WebMvcConfigurerAdapter {
return new ApplicationSecurity();
}
@Order(Ordered.LOWEST_PRECEDENCE - 8)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
public void init(AuthenticationManagerBuilder auth) throws Exception {
// @formatter:off
auth.inMemoryAuthentication().withUser("admin").password("admin")
.roles("ADMIN", "USER").and().withUser("user").password("user")
.roles("USER");
// @formatter:on
}
}
@Order(Ordered.LOWEST_PRECEDENCE - 8)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {