Disable/enable OAuth2 without two security configurations











I'm working on a Spring Boot application that uses OAuth2 to realize SSO.
Right now I'm using the @ConditionalOnProperty annotation on my security configuration to disable OAuth2 when needed:



@Configuration
@ConditionalOnProperty("some.property")
@Order(SecurityProperties.BASIC_AUTH_ORDER - 3)
@EnableOAuth2Sso
public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {
    // ... (class body not shown in the post)
}


I also have a second security configuration that is being used when OAuth is disabled:



@Configuration
@Order(SecurityProperties.BASIC_AUTH_ORDER - 2)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // ... (class body not shown in the post)
}


So far this is working but I don't like having two almost identical configurations. The only thing that needs to be disabled/enabled by a property is the @EnableOAuth2Sso annotation.


Is there another way to achieve this?










      java spring spring-boot spring-security spring-security-oauth2






asked Nov 15 at 11:57 by xLdoubleR
























          1 Answer
If it really is only the @EnableOAuth2Sso annotation that has to be enabled/disabled, is there any reason you can't just create another configuration which only has that annotation plus a @ConditionalOnProperty or @Profile?

Although not tested, you may be able to have a nested configuration class that is strictly meant for the conditional annotation like this:

@Configuration
@Order(SecurityProperties.BASIC_AUTH_ORDER - 3)
public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {

    @Configuration
    @ConditionalOnProperty("some.property") // Or use a profile
    @EnableOAuth2Sso
    static class EnableSSOConfig {
    }

    // ....
}
















answered Nov 16 at 15:52 by Steve W












• Yes, it is just the @EnableOAuth2Sso annotation. This is basically what I'm doing right now; I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
  – xLdoubleR
  Nov 19 at 14:34

• I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
  – Steve W
  Nov 20 at 15:05
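
One way to keep a single set of HttpSecurity rules while still toggling SSO by property, as an added example that is not from the question or the answer: the rules live in an abstract base class and two thin subclasses carry the conditions, so exactly one adapter is registered whatever the value of some.property. The class names, the /public/** matcher and the httpBasic() fallback are assumptions; @EnableOAuth2Sso stays on a WebSecurityConfigurerAdapter subclass because that is the adapter it decorates with the SSO filter.

```java
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/** Shared rules, written once. Not a bean itself: it carries no @Configuration. */
abstract class BaseSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Placeholder rules (assumption); the real, extensive HttpSecurity setup goes here.
        http.authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .anyRequest().authenticated(); // deny anonymous access by default
    }
}

/** Active when some.property is set to anything but "false": same rules plus SSO. */
@Configuration
@ConditionalOnProperty("some.property")
@EnableOAuth2Sso
@Order(SecurityProperties.BASIC_AUTH_ORDER - 3)
class SsoSecurityConfiguration extends BaseSecurityConfiguration {
}

/** Active when some.property is "false" or missing, so the two never load together. */
@Configuration
@ConditionalOnProperty(name = "some.property", havingValue = "false", matchIfMissing = true)
@Order(SecurityProperties.BASIC_AUTH_ORDER - 2)
class LocalSecurityConfiguration extends BaseSecurityConfiguration {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.httpBasic(); // assumed non-SSO login mechanism; replace with the real one
    }
}
```

With this pairing a missing some.property selects the non-SSO adapter. If SSO should be the default, move matchIfMissing = true to the SSO class and drop it from the other.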



















