0

I'm looking for an example of how to do a code based configuration of the spring-security.xml file. This is a standard spring-security.xml file that I'm using to guide myself.

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<http auto-config="true">
    <intercept-url pattern="/admin**" access="ROLE_USER" />
    <form-login 
        login-page="/login" 
        default-target-url="/welcome" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout" />
    <!-- enable csrf protection -->
    <csrf/>
</http>

<authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="mkyong" password="123456" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
</authentication-manager>
</beans:beans>

And this is a code based configuration class that I'm also using to guide myself

@EnableWebSecurity
@Configuration
public class CustomWebSecurityConfigurerAdapter extends
   WebSecurityConfigurerAdapter {
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) {
    auth
      .inMemoryAuthentication()
        .withUser("user")  // #1
          .password("password")
          .roles("USER")
          .and()
        .withUser("admin") // #2
          .password("password")
          .roles("ADMIN","USER");
  }

  @Override
  public void configure(WebSecurity web) throws Exception {
    web
      .ignoring()
         .antMatchers("/resources/**"); // #3
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeUrls()
        .antMatchers("/signup","/about").permitAll() // #4
        .antMatchers("/admin/**").hasRole("ADMIN") // #6
        .anyRequest().authenticated() // 7
        .and()
    .formLogin()  // #8
        .loginUrl("/login") // #9
        .permitAll(); // #5
  }
}

But if you see in the spring-security.xml file there are these URLS 

http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

How do I put those URL in code? or should I just ignore them.

Improve this question

1 Answer 1

Reset to default
1

These URLs are where you find spring security XML schemas and the URL ended in .xsd are the XML schemas itself.

Did you try access http://www.springframework.org/schema/security? If so, you will see some XSD files, which are XML schemas.

From XML schema recommendation/specification:

XML Schemas express shared vocabularies and allow machines to carry out rules made by people. They provide a means for defining the structure, content and semantics of XML documents in more detail.

An XML schema describes the structure of an XML document. In other works, XML schemas will help and guarantee to you that your XML config is a valid XML.

As you are now using code based configuration, you can just ignore, is not necessary, the schema is now the Java code, interfaces, methods, etc.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.