I'm playing around with Spring Security configuration and find out, that the most common way to configure in-memory authentication is using configureGlobal()
method:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth
.inMemoryAuthentication()
.withUser("user").password("userPwd").roles("USER");
}
}
But there is another way, which is less widely used, overriding configure()
method from WebSecurityConfigurerAdapter
:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication(
.withUser("user").password("userPwd").roles("USER");
}
}
I'm just wondering, what's the difference between them and what's the point of usage configureGlobal()
method over configure()
one?
This answer helped me.
If you already extend class like WebMvcConfiguratorAdapter
, you have two choices for security settings.
Using configureGlobal()
method:
@Configuration
class approach.WebMvcConfigurerAdapter
+ @EnableWebSecurity
Overriding configure()
method:
@Configuration
class.WebSecurityConfiguratorAdapter
for security setup.MySecurityConfig
extends WebSecurityConfigurerAdapter
As the spring security doc says:
The name of the
configureGlobal
method is not important. However, it is important to only configureAuthenticationManagerBuilder
in a class annotated with either@EnableWebSecurity
,@EnableGlobalMethodSecurity
, or@EnableGlobalAuthentication
. Doing otherwise has unpredictable results.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.