0

I am trying to learn Spring security, and I want to add security functionality to the spring petclinic sample application (the code for which is at this link). However, there are problems with the samples on the web.

For example, I would like to use this example, but it uses .java files in an init folder (which you can view at this link) to do tasks which I think the petclinic application does using xml files (which you can view at this link).

I want to stick with the xml approach because I have spent many months using xml configuration, but I do not understand the difference between using the xml configuration and java configuration.

Can someone help me understand what changes I would have to make to this example in order to get it to work with the xml configuration in the spring petclinic app?

Alternatively, if you can show a quick and easy way to get working security up and running on the spring petclinic app so that I can start learning by tinkering with working code, that would be OK also.

I started using the spring tutorial for adding security to the petclinic app (at this link), but it is not usable because it is many years old and uses an obsolete version of spring.

EDIT:

Based on JHadesDev's suggestion, I created a new package called org.springframework.security.samples.petclinic.config and placed the following two files in it:

SecurityConfig.java: 

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void registerGlobalAuthentication(
        AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

MessageSecurityWebApplicationInitializer.java 

@Order(2)
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}

Trying to run the app then caused an error indicating that Tomcat would not start because a SpringSecurityFilterChain needed to be identified, so I then altered my web.xml to include it. You can read my entire web.xml by clicking on this link.

But now the changes in web.xml are causing an error indicating that Tomcat will not start because the definition of SpringSecurityFilterChain is redundant. I have posted the entire stack trace on a file sharing site that you can read by clicking on this link.

How can I get rid of this error so that tomcat will start, and so that login functionality will be enabled for the app?

CodeMed
  • 9,527
  • 70
  • 212
  • 364

1 Answers1

0

put this java configuration next to other @Config files:

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }
}

This configuration ensures that all urls are secured in the application, and that a default login page is generated. This would be a good starting point, see also this tutorial that goes through Spring security setup using Java config (instead of XML).

Angular University
  • 42,341
  • 15
  • 74
  • 81
  • Thank you for trying to help. I don't understand your answer. Do you mind being more explicit? For starters, are you saying to add your `SecurityConfig` class to this folder in the petclinic app? https://github.com/spring-projects/spring-petclinic/tree/master/src/main/resources/spring – CodeMed Mar 25 '14 at 20:22
  • I reframed this problem into another, clearer, question. Are you willing to help me with it? Here is the link: http://stackoverflow.com/questions/22670646/where-do-i-define-springsecurityfilterchain-bean – CodeMed Mar 26 '14 at 20:38