Fix recommended authentication configuration to match samples

pull/1588/head
Dave Syer 10 years ago
parent 338288205b
commit 993c7691ec

@ -1369,16 +1369,17 @@ http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#jc
Spring Security also provides a convenient `AuthenticationManagerBuilder` which can be
used to build an `AuthenticationManager` with common options. The recommended way to
use this in a webapp is to inject it into a void method in a
use this in a webapp is to inject it into a callback method in a
`WebSecurityConfigurerAdapter`, e.g.
[source,java,indent=0,subs="verbatim,quotes,attributes"]
----
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("barry").password("password").roles("USER"); // ... etc.
}
@ -1393,6 +1394,22 @@ You will get the best results if you put this in a nested class, or a standalone
order of instantiation). The {github-code}/spring-boot-samples/spring-boot-sample-web-secure[secure web sample]
is a useful template to follow.
If you experience instantiation issues (e.g. using JDBC or JPA for the
user detail store) it might be worth extracting the
`AuthenticationManagerBuilder` callback into a
`GlobalAuthenticationConfigurerAdapter` (in the `init()` method so it
happens before the authentication manager is needed elsewhere), e.g.
```
@Configuration
public class AuthenticationManagerConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) {
auth.inMemoryAuthentication() // ... etc.
}
}
```
[[howto-enable-https]]

Loading…
Cancel
Save