Add constants to SecurityProperties and ManagementServerProperties
For the convenience of users who want to selectively override the access rules in an application without taking complete control of the security configuration we now have some constants: * SecurityProperties.ACCESS_OVERRIDE_ORDER for overriding just the application endpoint access rules * ManagementServerProperties.ACCESS_OVERRIDE_ORDER for overriding the application endpoint and management endpoint access rules Fixes gh-803
This commit is contained in:
@@ -20,10 +20,10 @@ import java.util.Date;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
@@ -52,8 +52,8 @@ public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
// Set user password to "password" for demo purposes only
|
||||
new SpringApplicationBuilder(SampleWebSecureApplication.class).properties(
|
||||
"security.user.password=password").run(args);
|
||||
new SpringApplicationBuilder(SampleWebSecureApplication.class)
|
||||
.properties("security.user.password=password").run(args);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -66,12 +66,14 @@ public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {
|
||||
return new ApplicationSecurity();
|
||||
}
|
||||
|
||||
@Order(Ordered.LOWEST_PRECEDENCE - 8)
|
||||
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
|
||||
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
|
||||
protected static class ApplicationSecurity extends
|
||||
WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
|
||||
.loginPage("/login").failureUrl("/login?error").permitAll();
|
||||
http.authorizeRequests().anyRequest().fullyAuthenticated().and()
|
||||
.formLogin().loginPage("/login").failureUrl("/login?error")
|
||||
.permitAll();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user