0

I am trying with no luck to translate this configuration to java config I have all the classes ready but i just can figure it out Please help 

<bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
    <constructor-arg value="ThisIsASecretSoChangeMe" />
</bean>

<security:authentication-manager id="authenticationManager">
    <security:authentication-provider user-service-ref="userDao">
        <security:password-encoder ref="passwordEncoder"></security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

<security:http
        realm="Protected API"
        use-expressions="true"
        auto-config="false"
        create-session="stateless"
        entry-point-ref="unauthorizedEntryPoint"
        authentication-manager-ref="authenticationManager">
    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
    <security:intercept-url pattern="/rest/user/authenticate" access="permitAll" />
    <security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')" />
    <security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')" />
</security:http>

<bean id="unauthorizedEntryPoint" class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.UnauthorizedEntryPoint" />

<bean class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
    <constructor-arg ref="userDao" />
</bean>
yonia
  • 1,681
  • 1
  • 14
  • 12

1 Answers1

0

This appears to have been addressed in this post Spring: Annotation equivalent of security:authentication-manager and security:global-method-security

I have left mine in xml form for the moment. I stripped everything but the security config from the rest-services-config.xml then imported it to my new configWebXml class like this:

@Configuration
@ComponentScan
@EnableAutoConfiguration
@ImportResource("classpath:rest-services-config.xml")
public class ConfigWebXml extends SpringBootServletInitializer {
   @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Until I did this, the security context would not be cleared. After a successful login, it would never go back and validate the token. This allowed me to convert to a full annotation based springboot app with the exception of spring security.

Hope this helps.

Community
  • 1
  • 1
jamesbehrens
  • 11
  • 3