CODEWITHSUNDEEP
javarestspring-boot
vmaric
vmaric

Reputation: 369

Configure Security at Spring Boot

I'm pretty new in the spring-boot. I'm trying to make a REST service with mongodb in backend. In mongodb I made the Customers table and sekond users table. In the users table I defined column for the username, password, and roles as a series. Trying to authenticate users who accesses on REST service, from table user. On the Internet I found two cases when we extend WebSecurityConfigurerAdapter or second way when we extend GlobalAuthenticationConfigurerAdapter. In first case I have bean found example on web where we make custom AuthenticationProvider, but in second way we deal with UserDetailsSerivce. My question is how I can dive deeper into this issue? Even watching in source cod of huge interfaces end classes i can not do those staff differently as in a tutorial. And what is main difference between these two way? Who handle or how handle Spring-boot security?(is there something like a dispatcher servlet who handles MVC?)

Upvotes: 0

Views: 290

Answers (2)

Sergii Getman
Sergii Getman

Reputation: 4371

@vmaric i haven't use it, but looks like logic is the same:

@Configuration
public class AuthenticationManagerConfiguration extends
        GlobalAuthenticationConfigurerAdapter {

    @Override
    public void init(AuthenticationManagerBuilder auth) {
        auth.inMemoryAuthentication() // ... etc. <-------
    }

}

Upvotes: 1

Sergii Getman
Sergii Getman

Reputation: 4371

According to Spring Security you have to provide Security Configuration :

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter

with overriden method that provides AuthenticationManager:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {...}

it could be in-memory implementation:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN");
}

or implementation relies on your UserDetailsService implementation:

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
authenticationManagerBuilder
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());
}

Here is an example how to start SpringSecurity on Spring Boot

Upvotes: 0

Related Questions