SEC-2868: Simplify custom UserDetailsService Java Config

Exposing a UserDetailsService as a bean is now all that is necessary
for Java based configuration. Additionally, an optional PasswordEncoder
bean can be used to configure password encoding.
This commit is contained in:
Rob Winch
2015-08-27 20:41:15 -05:00
parent 35393098f8
commit bac980cbcb
4 changed files with 185 additions and 7 deletions

View File

@@ -374,6 +374,7 @@ This will give you access to the entire project history (including all releases
** <<method-security-meta-annotations,Method Security Meta Annotations>>
* <<el-access-web-path-variables,Path Variables in Web Security Expressions>>
* <<test-method-withanonymoususer,@WithAnonymousUser>>
* <<jc-authentication-userdetailsservice,Simplified UserDetailsService Java Configuration>>
=== What's new in Spring Security 4.0
@@ -912,6 +913,33 @@ cn: admin
uniqueMember: uid=admin,ou=people,dc=springframework,dc=org
----
[[jc-authentication-userdetailsservice]]
==== UserDetailsService
You can define custom authentication by exposing a custom `UserDetailsService` as a bean.
For example, the following will customize authentication assuming that `SpringDataUserDetailsService` implements `UserDetailsService`:
[source,java]
----
@Bean
public SpringDataUserDetailsService springDataUserDetailsService() {
return new SpringDataUserDetailsService();
}
----
You can also customize how passwords are encoded by exposing a `PasswordEncoder` as a bean.
For example, if you use bcrypt you can add a bean definition as shown below:
[source,java]
----
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
----
==== LDAP Authentication
=== Multiple HttpSecurity
We can configure multiple HttpSecurity instances just as we can have multiple `<http>` blocks. The key is to extend the `WebSecurityConfigurationAdapter` multiple times. For example, the following is an example of having a different configuration for URL's that start with `/api/`.