Commit Graph

6 Commits

Author SHA1 Message Date
Phillip Webb
fa88c481a5 Remote trailing whitespace 2014-07-02 15:17:14 -07:00
Phillip Webb
44d708ef7a Polish 2014-03-25 14:33:27 -07:00
Dave Syer
4d608f20e9 Support for AuthenticationManagerBuilder injection into user code
Spring Boot provides a default AuthenticatiomManager for getting
started quickly with security and never exposing insecure
endpoints. To override that feature as users move to the next
stage in their project, they may have to do something slightly
different depending on whether it is a webapp or not.

In any app (web or not), providing a @Bean of type
AuthenticationManager always works, but you don't get the benefit of
the builder features.

In a webapp the user can also extend WebSecurityConfigurerAdapter
to provides a custom AuthenticationManager, and the preferred
way of doing that is via a void method that is autowired with an
AuthenticationManagerBuilder. The default AuthenticationManager is
built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so
to override it the user's confugrer must have higher precedence
(lower @Order).

@EnableGlobalMethodSecurity can also be used in a non-webapp, and
Spring Boot will still provide a default AuthenticationManager.
To override it the user has to either extend
GlobalMethodSecurityConfiguration or provide a @Bean of type
AuthenticationManager (there's no other way to
capture the AuthenticationManagerBuilder that doesn't happen too late
in the beans lifecyle).

Fixes gh-244
2014-01-29 15:47:46 +00:00
Phillip Webb
cdda330acd Update copyright header for files changed in 2014 2014-01-21 10:27:10 -08:00
Phillip Webb
47da8a817a Polish 2014-01-10 13:06:54 -08:00
Dave Syer
b1db714c23 Allow @EnableGlobalMethodSecurity in a non webapp
Fixes gh-202
2014-01-09 17:13:59 +00:00