Add constants to SecurityProperties and ManagementServerProperties

For the convenience of users who want to selectively override the
access rules in an application without taking complete control of the
security configuration we now have some constants:

* SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the
application endpoint access rules

* ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the
application endpoint and management endpoint access rules

Fixes gh-803
This commit is contained in:
Dave Syer
2014-05-07 14:41:35 -07:00
parent f04f265515
commit 14d3b46809
8 changed files with 82 additions and 31 deletions

View File

@@ -20,10 +20,10 @@ import java.util.Date;
import java.util.Map;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -52,8 +52,8 @@ public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {
public static void main(String[] args) throws Exception {
// Set user password to "password" for demo purposes only
new SpringApplicationBuilder(SampleWebSecureApplication.class).properties(
"security.user.password=password").run(args);
new SpringApplicationBuilder(SampleWebSecureApplication.class)
.properties("security.user.password=password").run(args);
}
@Override
@@ -66,12 +66,14 @@ public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {
return new ApplicationSecurity();
}
@Order(Ordered.LOWEST_PRECEDENCE - 8)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class ApplicationSecurity extends
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
.loginPage("/login").failureUrl("/login?error").permitAll();
http.authorizeRequests().anyRequest().fullyAuthenticated().and()
.formLogin().loginPage("/login").failureUrl("/login?error")
.permitAll();
}
}