vendredi 29 mai 2015

Configure Spring Security using EJB

until now, I have been using security-realms to authenticate and authorize users. However, I'd like to switch to the Spring Security framework, preferably not using any other parts of the Spring framework. I managed to set-up a httpBasic in-memory authentication, which works fine.

Now I would like to create a custom UserDetailsService implementing my own authorization. My UserDetailsService-Implementation is a Stateless EJB which I cannot inject in to the SecurityConfig, getting the error What can I do to get this working?

Thank you!

This is my only configuration so far:

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

    public SecurityWebApplicationInitializer() {
        super(SecurityConfig.class);
    }
}

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .httpBasic();        
    }
}

@Stateless
public class UserDetailsImpl implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //No Implementation yet
        return null;
    }
}

Aucun commentaire:

Enregistrer un commentaire