I've already done a simple project on spring mvc framework with XML config file. Now I want to add spring security with java config file in that project. Is it possible to integrate. I've almost spend a whole day searching it on google. I've already read documentation but I didn't get any clue. Can anyone provide me good reference for it? Thanks in advance
You have 2 options depending on which is leading, the XML or Java version. Both of them are quite well documented in the Spring Reference Guide.
When using XML you can simply add the #Configuration annotated class as a bean to the XML configuration like any other bean.
<bean class="your.configuration.class.Here" />
You have to have <context:annoation-config /> to have the #Configuration class processed.
However if you already have <context:component-scan /> and the package(s) you are scanning already includes the package that contains the #Configuration class you don't need to do anything as it will be detected like any other #Component.
If you want you have your #Configuration class leading then you can simply import the XML configuration using #ImportResource.
#Configuration
#ImportResource("your-configuration-here.xml")
public class SecurityConfig {}
Either way will work, which depends on which you want to make the leading configuration standard.
Related
I would like to ask for explanation of Spring configuration types?
Here is what I know but I am confused by what I have found here on stack and other places.
XML based configuration
Java based configuration
Annotation based configuration (this is what I am interested about)
I have read a lot of articles or opinions that there are basically only two configuration options (XML and Java). So what is wrong when I consider Annotation based config as a third option? I asssume that this option is available only when I use XML based configuration using:
<context:annotation-config/>
So is that why some people does not consider Annotation based config as a third options because it is dependent on XML (or Java) config?
I have one more questions:
Can I use Annotation approach by using Java based configuration? I was not able to find how to enable it using Java. (maybe using #EnableAutoConfiguration??)
I consider this scenario using Spring Core. When we are talking about SpringBoot I assume there is Annotation config enabled by default in #SpringBootApplication annotation?
Thank you!
You are right in the general sense, I refer you to this small section in the official docs for spring [https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/Configuration.html]
Here you will see an example of using XML configurations using the
<beans>
<context:annotation-config/>
<bean class="com.acme.AppConfig"/>
</beans>
and JAVA spring component scanning
#Configuration
public class AppConfig {
private final SomeBean someBean;
public AppConfig(SomeBean someBean) {
this.someBean = someBean;
}
// #Bean definition using "SomeBean"
}
You are also right about springboot #SpringBootApplication I contains #Configuration, #ComponentScan and #EnableAutoConfiguration to scan and configure your beans
I am attempting to migrate a spring, non-boot, app to a boot app. The current one builds a war file. Following these instructions, I am walking through the steps to migrate.
I am finding that the #SpringBootApplication annotation forces a lot of things to fail. For instance, it tries to auto config security when I really need the existing xml security config to remain as is. I found that I can override #EnableAutoConfiguration and exclude configuration classes (.i.e. SecurityAutoConfiguration.class). But I am finding it is doing this a great deal for the items I already have on my classpath. I decided it would be better to remove #SpringBootApplication and replace it with just #Configuration, #ComponentScan and #ImportResource to load my original context xml. The class extends SpringBootServletInitializer so that I can register my custom servlets and filters.
What I have found, it now no longer knows to load the application.yml or bootstrap.yml. What triggers auto configuration of these files? Do I fall back to loading with the traditional properties placeholder configurers? I want to avoid this as the next step is to hook it up to spring cloud config to centralize the management of the application configuration.
#SpringBootApplication is a alternative for #Configuration, #EnableAutoConfiguration and #ComponentScan.
Probably you want use #Configuration + #ComponentScan. If you want load xml configuration you can use: #ImportResource annotation.
If you want use autoconfiguration, but you can disable a few auto configurations, eg:
#EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class})
Details:
http://docs.spring.io/spring-boot/docs/current/reference/html/using-boot-auto-configuration.html
http://docs.spring.io/spring-boot/docs/current/reference/html/using-boot-configuration-classes.html
http://docs.spring.io/spring-boot/docs/current/reference/html/using-boot-using-springbootapplication-annotation.html
Why do we use #ComponentScan annotation in spring ? I am not being able to figure out the exact difference between context:componentscan in xml file and #ComponentScan annotations in java and how to use them in case of classes which have been annotated with #Configuration
In short, there is no difference.
#ComponentScan - Used with #Configuration classes, for example, when you have java-based configurations for Spring.
It provides support parallel with Spring XML's <context:component-scan> element. The purpose of those two are exactly the same - to scan spring components.
But there is one advantage of xml based configuration - you don't need to compile your java code. When you added some package under <context:component-scan> then you don't need to compile java source code. Place the xml configuration file in your server and restart it.
I have been able to implement the #Secured annotation in one controller of my application. Yet, #Secured('ROLE_ADMIN') will NOT work anywhere else within the project.
It will only specifically work anywhere within my program controller and no where else.
For example, if I use it as so;
#Secured('ROLE_ADMIN')
The IDE gives me;
Multiple markers at this line
- Groovy:class Secured is not an annotation in #Secured
- Groovy:unable to resolve class Secured , unable to find class for
I have even tried checking the Spring Security Config file to check if annotations were set correctly (which seemingly they were).
Any ideas? Please help.
Thanks.
You are probably missing the required import.
At the top of each controller where you need the annotations use the grails import for Secured. Then you can use the annotations for the class or method as needed.
import grails.plugin.springsecurity.annotation.Secured
//import grails.plugins.springsecurity.Secured; - this is in older version,
// grails 2.0 and older
#Secured(['ROLE_ADMIN', 'ROLE_USER', 'ROLE_SUPERVISOR'])
class myClass {
}
Hope this helps.
Try this:
#PreAuthorize("hasRole('ROLE_ADMIN')" )
And add annotation support in spring configuration:
<!-- Allow configuration annotation (#Annotation-based configuration)-->
<context:annotation-config />
<!-- Enable scan classes -->
<context:component-scan base-package="com.your.package" />
I've created a custom annotation (in Spring 3.05) that works great. I'd like to take that code and make it part of a library, packaged in a jar file, so I don't have to include my custom annotation code in each web app I write.
I'm unable to get Spring to act on the annotation, however. My library jar is in my web app's classpath and I tried scanning for it in applicationContext.xml:
<context:component-scan base-package="my.annotation.pkg" />
The field annotated with my custom annotation continues to be null.
Ideally I'd like to this to just work with a minimum of fuss and configuration, but so far I haven't had any success.
What part of Spring's wiring am I missing to get my custom annotation recognized when it's part of an external library?
Update
Here is how I "solved" it...just had to read a little more closely. In each context file (i.e. applicationContext.xml, dispatch-servlet.xml) I added the line:
<bean class="my.annotation.CustomInjector" />
...where my CustomInjector implements BeanPostProcessor. I based this on the code at this blog post: Implementing Seam style #Logger injection with Spring.
The author says I needed to do exactly what I did, so bad on me for not reading thoroughly. Why, though, is adding that bean definition required? Maybe Spring annotations are configured similarly under the hood - I just don't get why having the jar file on the classpath isn't enough.
Is your custom annotation annotated with the #Component annotation? From the Spring reference manual:
By default, classes annotated with #Component, #Repository, #Service, #Controller, or a custom annotation that itself is annotated with #Component are the only detected candidate components.
Alternatively, you could add a custom include-filter to the component-scan element in your XML configuration.