Announcement Announcement Module
Collapse
No announcement yet.
Spring Security java configuration via @Features Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security java configuration via @Features

    Morning, gentleman.

    Looks like we got Spring 3.1.0.M1 released and working, giving the ability to create complete XML-free configuration for data access, services, transactions and mvc stuff. Remaining XML-configurable part of many applications, including mine, is Spring Security. Both method security, web configuration etc.

    It seems that creating all security beans by hand in custom @Configuration is quite verbose and error-prone, so @FeatureConfiguration provided by Spring Security developers is highly appreciated. I understand that we don't have any @FeatureConfiguration bundled in 3.1.0.RC1, but I also found no Jira issue on this subject.
    So, guys, is there any support for XML-free configuration coming?

  • #2
    To be honest I have been thinking about implementing this along with support for removing configuration out of web.xml. I'm not exactly sure if/when it would be released though. I added this to JIRA along with support for Servlet 3.0 (which should be in Spring 3.1.0.M2) so that they could be properly tracked

    Comment


    • #3
      PS you might want to vote on the issue if you want it (helps to prioritize things)

      Comment


      • #4
        Thank you for the issue. Will keep my eye on it.
        Unfortunately, I was unable to vote since I'm not authorized and I found no registration link there.

        Comment


        • #5
          The sign up link is available from the login page.

          Comment


          • #6
            Thank you. My vote is there.

            Comment


            • #7
              This should be definitely included.
              Spring 3.1 is focusing more on complete XML free setup using Features etc. so I hop Spring Security 3.1 will follow this path as well.

              Comment


              • #8
                We have been discussing Java configuration options recently and it's something I'd really like to see. However, it's not a trivial problem for Spring Security.

                The XML namespace is effectively a DSL which makes it very simple to put together a configuration with minimal code. Ideally we want something that provides all the power of Java, and direct access to the classes involved, without the verbosity of having to declare lots of beans.

                Comment


                • #9
                  Is it the @FeatureConfiguration support, Luke, or you search for some other solution?

                  Comment


                  • #10
                    As it stands it appears the @Feature support is being removed in 3.1 M2.

                    From SVN history

                    Feature-related support such as @Feature, @FeatureConfiguration,
                    and FeatureSpecification types will be replaced by framework-provided @Configuration classes and convenience annotations such as @ComponentScan (already exists), @EnableAsync, @EnableScheduling, @EnableTransactionManagement and others.
                    This means Spring Security will be following similar pattern...but almost guarantees it will not be doing @FeatureConfiguration.
                    Last edited by Rob Winch; May 11th, 2011, 01:43 PM. Reason: added link

                    Comment


                    • #11
                      Rob is right this changed to the @Enable annotations.

                      So I hope something like @EnableSecurity will be available.

                      I think Spring Security could follow the same path like @EnableWebMvc (http://static.springsource.org/sprin...bleWebMvc.html) and it's WebMvcConfigurer/WebMvcConfigurerAdapter to customize bean creations and detail settings. See http://static.springsource.org/sprin...onfigurer.html.

                      Comment


                      • #12
                        Hi,
                        Any updates on Java based configuration support for Spring Security?
                        Thanks.
                        Eugen.

                        Comment


                        • #13
                          See Luke's blog about the scala config project. Note this is not officially supported at the moment, but the blog comments also talk about why java config is not yet supported.

                          Comment


                          • #14
                            I've seen the Scala github project, thank you. I was hoping that there was some official word on this, but I understand - the Scala project is as close as we're going to get for now. Thanks for the help.
                            Eugen.

                            Comment


                            • #15
                              Any movement on this? I'm working on a project that is pushing Java Configuration.

                              Right now I'm just trying to figure out how to get the DelegatingFilterProxy to recognize the WebApplicationContext

                              Code:
                                 final ServletContextHandler webServletContextHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
                                 webServletContextHandler.setContextPath(commandLine.getContextPath());
                                 webServletContextHandler.setClassLoader(Thread.currentThread().getContextClassLoader());
                                 webServletContextHandler.addServlet(new ServletHolder(new DispatcherServlet(configureSpringApplicationContext(webServletContextHandler, commandLine))), "/*");
                                    // Do I need to do this??? : 
                                    //   EnumSet<DispatcherType> dispatcherType = EnumSet.noneOf(DispatcherType.class);
                                    //   webServletContextHandler.addFilter("org.springframework.web.filter.DelegatingFilterProxy", "/*", dispatcherType);
                                 webServletContextHandler.addFilter("org.springframework.web.filter.DelegatingFilterProxy", "/*", null);
                              And of course get the "No WebApplicationContext found: no ContextLoaderListener registered?"

                              Is there a way around this, or am I going to have to load the security XML configuration?

                              Comment

                              Working...
                              X