@groovy.transform.CompileStatic @groovy.util.logging.Slf4j class ComponentBasedConfigBlender extends java.lang.Object
Blends user-defined Spring Security configuration components (the patterns recommended by Spring Security without the WebSecurityConfigurerAdapter) into the Grails Spring Security plugin's runtime structures.
The Grails plugin pre-dates the component-based model and owns the servlet
security stack via its own FilterChainProxy, ProviderManager
and GormUserDetailsService. This blender lets users keep using the
blog post's idioms (@Bean SecurityFilterChain,
@Bean AuthenticationProvider, spring.security.user.*) and
have them coexist with the plugin's grails.plugin.springsecurity.*
configuration instead of being silently ignored.
Each merge method is idempotent and safe to invoke multiple times.
Each merge is enabled by default and can be disabled individually via configuration:
grails:
plugin:
springsecurity:
componentBased:
autoMergeSecurityFilterChain: false # disable user| Constructor and description |
|---|
ComponentBasedConfigBlender() |
| Type Params | Return Type | Name and description |
|---|---|---|
|
static InMemoryUserDetailsManager |
bridgeSpringSecurityUserProperties(java.lang.String userName, java.lang.String userPassword, java.util.List<java.lang.String> userRoles)If spring.security.user.name (and optionally
spring.security.user.password / spring.security.user.roles)
are set, returns an InMemoryUserDetailsManager containing that
single user, mimicking what Spring Boot's
UserDetailsServiceAutoConfiguration would have created had it not
been excluded by SecurityAutoConfigurationExcluder. |
|
static UserDetailsService |
chainUserDetailsServices(ApplicationContext applicationContext, UserDetailsService primaryUserDetailsService)Wraps the plugin's primary UserDetailsService bean in a chain that
also queries every other user-defined UserDetailsService bean in
the application context. |
|
static int |
mergeUserAuthenticationProviders(ApplicationContext applicationContext, ProviderManager authenticationManager)Adds user-defined AuthenticationProvider beans to the plugin's ProviderManager. |
|
static int |
mergeUserSecurityFilterChains(ApplicationContext applicationContext, java.util.List<SecurityFilterChain> pluginChains)Adds user-defined SecurityFilterChain beans to the plugin's filter chain list. |
| Methods inherited from class | Name |
|---|---|
class java.lang.Object |
java.lang.Object#equals(java.lang.Object), java.lang.Object#getClass(), java.lang.Object#hashCode(), java.lang.Object#notify(), java.lang.Object#notifyAll(), java.lang.Object#toString(), java.lang.Object#wait(), java.lang.Object#wait(long), java.lang.Object#wait(long, int) |
If spring.security.user.name (and optionally
spring.security.user.password / spring.security.user.roles)
are set, returns an InMemoryUserDetailsManager containing that
single user, mimicking what Spring Boot's
UserDetailsServiceAutoConfiguration would have created had it not
been excluded by SecurityAutoConfigurationExcluder.
Defaults follow Spring Boot's defaults:
password - user (literal)roles - [USER]The returned manager is intended to be combined with
chainUserDetailsServices so it coexists with the plugin's primary
userDetailsService. Returns null if
spring.security.user.name is not set.
userName - the resolved spring.security.user.name valueuserPassword - the resolved spring.security.user.password
value (may be null)userRoles - the resolved spring.security.user.roles value
(may be null)InMemoryUserDetailsManager, or null if
the bridge is not applicable Wraps the plugin's primary UserDetailsService bean in a chain that
also queries every other user-defined UserDetailsService bean in
the application context. The plugin's bean is queried first; user beans
are queried in bean-name order if the plugin's bean throws
org.springframework.security.core.userdetails.UsernameNotFoundException.
This method does not modify the plugin's bean directly. Instead it
returns a UserDetailsService that callers can substitute in their
authentication providers if they want the chained behaviour. The Grails
plugin core does not currently rewire its providers to use the chained
UDS automatically; users who want this behaviour should declare the
returned service as a bean and reference it via
grails.plugin.springsecurity.dao.userDetailsService (or the
provider-specific equivalent).
applicationContext - the application context to scanprimaryUserDetailsService - the plugin's primary
userDetailsService bean (typically
GormUserDetailsService)UserDetailsService, or the primary unchanged if
no other user beans are presentAdds user-defined AuthenticationProvider beans to the plugin's ProviderManager. User providers are appended so that the plugin's primary providers (typically the GORM-backed DAO provider) are tried first.
Providers already present in the manager (for example, those declared
via grails.plugin.springsecurity.providerNames) are not
re-added.
applicationContext - the application context to scanauthenticationManager - the plugin's authenticationManager
bean (a ProviderManager)Adds user-defined SecurityFilterChain beans to the plugin's filter chain list. User chains are prepended (higher precedence) because their request matchers are typically more specific than the plugin's catch-all chain.
The plugin's own chains are not registered as named beans (they are
appended directly to securityFilterChains in
SpringSecurityUtils.buildFilterChains), so every
SecurityFilterChain bean visible to the application context is
treated as user-defined.
applicationContext - the application context to scanpluginChains - the plugin's mutable securityFilterChains list
(the same list the plugin's FilterChainProxy references)