until now, I have been using security-realms to authenticate and authorize users. However, I'd like to switch to the Spring Security framework, preferably not using any other parts of the Spring framework. I managed to set-up a httpBasic in-memory authentication, which works fine.
Now I would like to create a custom UserDetailsService implementing my own authorization. My UserDetailsService-Implementation is a Stateless EJB which I cannot inject in to the SecurityConfig, getting the error What can I do to get this working?
Thank you!
This is my only configuration so far:
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
public SecurityWebApplicationInitializer() {
super(SecurityConfig.class);
}
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}
@Stateless
public class UserDetailsImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//No Implementation yet
return null;
}
}
Aucun commentaire:
Enregistrer un commentaire