0

I'm trying to add Spring security to an existing Spring MVC project. I'm using this as a guide:

http://docs.spring.io/spring-security/site/docs/current/guides/html5//hellomvc.html

However, I can't get the project to display the login screen. I copied SecurityConfig.java and MessageSecurityWebApplicationInitializer.java verbatim, when I turn boot logging to DEBUG, I see this:

o.s.b.c.e.ServletContextInitializerBeans : Created Filter initializer for bean 'springSecurityFilterChain'; order=2147483647, resource=class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]

Which suggests that MessageSecurityWebApplicationInitializer is never being looked at. Sure enough, if I create a default constructor and set a breakpoint, it's never getting hit.

Interestingly, SecurityConfig.configureGlobal is called, which seems like the call that should be setting up the login screen.

So what steps need to happen to make MessageSecurityWebApplicationInitializer do its thing? I'm still trying to understand how Spring handles dependency injection, etc.--what about this class declaration should cause this to get picked up during boot (I would have expected some sort of annotation):

public class MessageSecurityWebApplicationInitializer
      extends AbstractSecurityWebApplicationInitializer {
}

I can't share much other code unfortunately, but this is the Application file:

@ComponentScan(basePackages={"..."})
@EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class, SpringBootWebSecurityConfiguration.class})
@Configuration
public class Application extends SpringBootServletInitializer {

    /**
     * The main() method is required by the framework.
     * 
     * @param args
     * @throws IOException
     */
    public static void main(String[] args) throws Exception {

        SpringApplication.run(Application.class, args);
    }
}

The one thing that the sample has that this project doesn't is the MessageWebApplicationInitializer class, but to me it looks like that functionality should be picked up by my Application class.

Thanks!

Improve this question

2 Answers 2

Reset to default
3

You must add annotations @Configuration and @EnableWebSecurity to your MessageSecurityWebApplicationInitializer and take care that its picked up by spring. Than it should work.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Hey thanks. Now the constructor for MessageSecurityWebApplicationInitializer is being called, so that's a step forward. I'm still seeing this: Created Filter initializer for bean 'springSecurityFilterChain'; order=2147483647, resource=class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] so it seems like the filter isn't getting set up properly. But this was really helpful, thanks.
I'm also curious why the sample doesn't need these annotations..?
In the tutorial there the class is SecurityConfig is annotated with '@EnableWebSecurity'. This annotation can be placed on any configuration, so the effect is the same as placing it on the MessageSecurityWebApplicationInitializer. And you are right, the annotation '@Configuration' is missing in the tutorial, which looks like an error to me.
0

So it turns out the problem was these lines in my gradle build:

compile(group: "org.springframework.boot", name: "spring-boot-starter-actuator", version: "1.2.3.RELEASE")
compile(group: "org.springframework.boot", name: "spring-boot-starter-web", version: "1.2.3.RELEASE")
compile(group: "org.springframework.boot", name: "spring-boot-starter-test", version: "1.2.3.RELEASE")
compile(group: "org.springframework.boot", name: "spring-boot-starter-jdbc", version: "1.2.3.RELEASE")

It would be great if anyone could shed some insight into why these lines would break the security setup.

Improve this answer

1 Comment

What do you mean by these lines. Did you add these lines ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.