无法获得Spring Security来拦截请求

Question

After searching all around and looking at lots of other examples, I can't seem to get Spring to intercept requests. I must not have something configured correctly, or my expectations are misguided. Could someone tell me what I'm doing wrong?

This sets up the annotation config

public class WebMVCApplicationInitializer implements WebApplicationInitializer
{
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException
    {
        WebApplicationContext context = getContext();
        servletContext.addListener(new ContextLoaderListener(context));
        ServletRegistration.Dynamic dispatcher =
                servletContext.addServlet("DispatcherServlet", new DispatcherServlet(context));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/*");
    }

    private AnnotationConfigWebApplicationContext getContext()
    {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        context.setConfigLocation(String.valueOf(this.getClass().getPackage()));
        return context;
    }
}

My WebMvcConfig - specifies which package to find annotated controllers

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "myproject.controller")
public class WebMvcConfig extends WebMvcConfigurerAdapter
{

}

My SecurityConfig - should match and require authentication on everything

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // @formatter:off
        http
            .authorizeRequests()
                .anyRequest().authenticated();
        // @formatter:on
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
    {
        auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
    }
}

finally, my Controller - just gives a trivial response for testing

@RestController
public class SessionController
{
    @ResponseBody
    @RequestMapping(value = "echo", method = RequestMethod.GET)
    public Map<String, Object> testResponse()
    {
        Map<String, Object> modelMap = new HashMap<String, Object>();
        modelMap.put("data", "test for echo");
        return modelMap;
    }
}

Now, my expectation is that when I run this, and point a browser to /echo, it should require authentication, or error, or something. Instead, I simply get {"data":"test for echo"} . (I recognize that I haven't specified an authentication provider, but I'd at least expect an error.)

What am I missing?

Answer 1

n/m - I figured it out.

I needed to add the security filter chain to the application context.

    FilterRegistration.Dynamic security =
            servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
    security.addMappingForUrlPatterns(dispatcherTypes, true, "/*");