SEC-2868: Simplify custom UserDetailsService Java Config
Exposing a UserDetailsService as a bean is now all that is necessary for Java based configuration. Additionally, an optional PasswordEncoder bean can be used to configure password encoding.
This commit is contained in:
@@ -374,6 +374,7 @@ This will give you access to the entire project history (including all releases
|
||||
** <<method-security-meta-annotations,Method Security Meta Annotations>>
|
||||
* <<el-access-web-path-variables,Path Variables in Web Security Expressions>>
|
||||
* <<test-method-withanonymoususer,@WithAnonymousUser>>
|
||||
* <<jc-authentication-userdetailsservice,Simplified UserDetailsService Java Configuration>>
|
||||
|
||||
=== What's new in Spring Security 4.0
|
||||
|
||||
@@ -912,6 +913,33 @@ cn: admin
|
||||
uniqueMember: uid=admin,ou=people,dc=springframework,dc=org
|
||||
----
|
||||
|
||||
[[jc-authentication-userdetailsservice]]
|
||||
==== UserDetailsService
|
||||
|
||||
You can define custom authentication by exposing a custom `UserDetailsService` as a bean.
|
||||
For example, the following will customize authentication assuming that `SpringDataUserDetailsService` implements `UserDetailsService`:
|
||||
|
||||
[source,java]
|
||||
----
|
||||
@Bean
|
||||
public SpringDataUserDetailsService springDataUserDetailsService() {
|
||||
return new SpringDataUserDetailsService();
|
||||
}
|
||||
----
|
||||
|
||||
You can also customize how passwords are encoded by exposing a `PasswordEncoder` as a bean.
|
||||
For example, if you use bcrypt you can add a bean definition as shown below:
|
||||
|
||||
[source,java]
|
||||
----
|
||||
@Bean
|
||||
public BCryptPasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
----
|
||||
|
||||
==== LDAP Authentication
|
||||
|
||||
=== Multiple HttpSecurity
|
||||
|
||||
We can configure multiple HttpSecurity instances just as we can have multiple `<http>` blocks. The key is to extend the `WebSecurityConfigurationAdapter` multiple times. For example, the following is an example of having a different configuration for URL's that start with `/api/`.
|
||||
|
||||
Reference in New Issue
Block a user