Freitag, 5. Juli 2013

Spring Security Java Configuration

Spring Security now has new module called spring-security-javaconfig. It provides a fluent builder API to configure spring security in Java code instead of XML. I used the CI build in a simple demo blog application and I really like it to have no XML file in the whole web project. The code snippet belows shows the security configuration from this demo appliction.
To get spring security support up and running the "DelegatingFilterProxy" must be added to your web application filter chain. This can also be done without any XML by using the Servlet API 3.0 features by using the Spring "AbstractAnnotationConfigDispatcherServletInitializer" base class to configure the web-app. The web-app configuration is shown in the code listing below.
More details on spring security java config see the github project.


  1. Thank you for this post. Very helpful. Could you explain, what should be in WebConfiguration class (for getServletConfigClasses method)? If I understand correctly, your BlogConfiguration class has root context configuration for all application, contains the core application related beans(services, repositories, entityManagers). Does WebConfiguration class contains just the things required by Spring MVC(Controllers, view resolvers)?

  2. thanks, good example for spring, can you please update instead of in memory auth, login with database, just for example, like we have in backend already login method, like login(username, pass) .

  3. Really Nice Information,Thank You Very Much For Sharing.
    Web Designing Company