Announcement Announcement Module
No announcement yet.
Configure "global-method-security" programmatically in WebMvcConfigurationSupport? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configure "global-method-security" programmatically in WebMvcConfigurationSupport?

    In my spring application, I have 2 contexts:
    * root "applicationContext", which is defined in an XML file.
    * MVC "servlet" application context, which is defined programmatically.

    I have to define the servlet context programmatically in order to set some Spring core parameters that are not exposed to the XML configuration. However, I now want to add method security via @PreAuthorize annotations.
    I'm not sure how to do this. With the Spring core values, it's fairly easy to find them, starting by looking at the
    WebMvcConfigurationSupport API.

    Does anyone know how to add <global-method-security> support to by @Configuration class?:

    public class MyConfiguration extends WebMvcConfigurationSupport {

    // How to add <global-method-security> support???


  • #2
    This question has been answered before so please use the forum search. In short take a look at the GlobalMethodSecurityBeanDefinitionParser as that contains the beans that need to be configured. However why not simply use xml for this and use @ImportResource to configure this part (Spring Security currently hasn't any Java Config support like the Spring Framework has).


    • #3
      I had searched the forum but didn't find anything that answered my specific question.
      And I had looked at GlobalMethodSecurityBeanDefinitionParser, but to work with it, it seemed complicated -- and I was hoping there was another way to configure it that I had missed.
      I was actually just starting down the path of trying to configure the "security" elements in a separate file.


      • #4
        The GlobalMethodSecurityBeanDefinitionParser is the class that contains the beans that are registered you cannot use that bean directly from java config you would have to extract from that class the beans you need to configure.

        However for easy of configuration I would simply add an xml and use the namespace to configure security.


        • #5
          Thanks. I have it all working now using @ImportResource(value={"security.xml"}) on my Configuration class.