Disable/enable OAuth2 without two security configurations











up vote
0
down vote

favorite












I'm working on a Spring Boot application that uses OAuth2 to realize SSO.
Right now I'm using the @ConditionalOnProperty annotation on my security configuration to disable OAuth2 when needed:



@Configuration
@ConditionalOnProperty("some.property")
@Order(SecurityProperties.BASIC_AUTH_ORDER-3)
@EnableOAuth2Sso
public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {


I also have a second security configuration that is beeing used when OAuth is disabled:



@Configuration
@Order(SecurityProperties.BASIC_AUTH_ORDER-2)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


So far this is working but I don't like having two almost identical configurations. The only thing that needs to be disabled/enabled by a property is the @EnableOAuth2Sso annotation.


Is there another way to achieve this?










share|improve this question


























    up vote
    0
    down vote

    favorite












    I'm working on a Spring Boot application that uses OAuth2 to realize SSO.
    Right now I'm using the @ConditionalOnProperty annotation on my security configuration to disable OAuth2 when needed:



    @Configuration
    @ConditionalOnProperty("some.property")
    @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
    @EnableOAuth2Sso
    public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {


    I also have a second security configuration that is beeing used when OAuth is disabled:



    @Configuration
    @Order(SecurityProperties.BASIC_AUTH_ORDER-2)
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    So far this is working but I don't like having two almost identical configurations. The only thing that needs to be disabled/enabled by a property is the @EnableOAuth2Sso annotation.


    Is there another way to achieve this?










    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm working on a Spring Boot application that uses OAuth2 to realize SSO.
      Right now I'm using the @ConditionalOnProperty annotation on my security configuration to disable OAuth2 when needed:



      @Configuration
      @ConditionalOnProperty("some.property")
      @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
      @EnableOAuth2Sso
      public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {


      I also have a second security configuration that is beeing used when OAuth is disabled:



      @Configuration
      @Order(SecurityProperties.BASIC_AUTH_ORDER-2)
      public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


      So far this is working but I don't like having two almost identical configurations. The only thing that needs to be disabled/enabled by a property is the @EnableOAuth2Sso annotation.


      Is there another way to achieve this?










      share|improve this question













      I'm working on a Spring Boot application that uses OAuth2 to realize SSO.
      Right now I'm using the @ConditionalOnProperty annotation on my security configuration to disable OAuth2 when needed:



      @Configuration
      @ConditionalOnProperty("some.property")
      @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
      @EnableOAuth2Sso
      public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {


      I also have a second security configuration that is beeing used when OAuth is disabled:



      @Configuration
      @Order(SecurityProperties.BASIC_AUTH_ORDER-2)
      public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


      So far this is working but I don't like having two almost identical configurations. The only thing that needs to be disabled/enabled by a property is the @EnableOAuth2Sso annotation.


      Is there another way to achieve this?







      java spring spring-boot spring-security spring-security-oauth2






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 15 at 11:57









      xLdoubleR

      14




      14
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          If it really is only the @EnableOAuth2Sso annotation that has to be enabled/disabled, is there any reason you can't just create another configuration which only has that annotation plus a @ConditionalOnProperty or @Profile?



          Although not tested, you may be able to have a nested configuration class that is strictly meant for the conditional annotation like this:



          @Configuration
          @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
          public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {
          @Configuration
          @ConditionalOnProperty("some.property") // Or use a profile
          @EnableOAuth2Sso
          static class EnableSSOConfig {
          }
          ....
          }





          share|improve this answer





















          • Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
            – xLdoubleR
            Nov 19 at 14:34










          • I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
            – Steve W
            Nov 20 at 15:05













          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53319003%2fdisable-enable-oauth2-without-two-security-configurations%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          If it really is only the @EnableOAuth2Sso annotation that has to be enabled/disabled, is there any reason you can't just create another configuration which only has that annotation plus a @ConditionalOnProperty or @Profile?



          Although not tested, you may be able to have a nested configuration class that is strictly meant for the conditional annotation like this:



          @Configuration
          @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
          public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {
          @Configuration
          @ConditionalOnProperty("some.property") // Or use a profile
          @EnableOAuth2Sso
          static class EnableSSOConfig {
          }
          ....
          }





          share|improve this answer





















          • Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
            – xLdoubleR
            Nov 19 at 14:34










          • I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
            – Steve W
            Nov 20 at 15:05

















          up vote
          0
          down vote













          If it really is only the @EnableOAuth2Sso annotation that has to be enabled/disabled, is there any reason you can't just create another configuration which only has that annotation plus a @ConditionalOnProperty or @Profile?



          Although not tested, you may be able to have a nested configuration class that is strictly meant for the conditional annotation like this:



          @Configuration
          @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
          public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {
          @Configuration
          @ConditionalOnProperty("some.property") // Or use a profile
          @EnableOAuth2Sso
          static class EnableSSOConfig {
          }
          ....
          }





          share|improve this answer





















          • Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
            – xLdoubleR
            Nov 19 at 14:34










          • I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
            – Steve W
            Nov 20 at 15:05















          up vote
          0
          down vote










          up vote
          0
          down vote









          If it really is only the @EnableOAuth2Sso annotation that has to be enabled/disabled, is there any reason you can't just create another configuration which only has that annotation plus a @ConditionalOnProperty or @Profile?



          Although not tested, you may be able to have a nested configuration class that is strictly meant for the conditional annotation like this:



          @Configuration
          @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
          public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {
          @Configuration
          @ConditionalOnProperty("some.property") // Or use a profile
          @EnableOAuth2Sso
          static class EnableSSOConfig {
          }
          ....
          }





          share|improve this answer












          If it really is only the @EnableOAuth2Sso annotation that has to be enabled/disabled, is there any reason you can't just create another configuration which only has that annotation plus a @ConditionalOnProperty or @Profile?



          Although not tested, you may be able to have a nested configuration class that is strictly meant for the conditional annotation like this:



          @Configuration
          @Order(SecurityProperties.BASIC_AUTH_ORDER-3)
          public class SecurityConfigurationOAuth2 extends WebSecurityConfigurerAdapter {
          @Configuration
          @ConditionalOnProperty("some.property") // Or use a profile
          @EnableOAuth2Sso
          static class EnableSSOConfig {
          }
          ....
          }






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 16 at 15:52









          Steve W

          111




          111












          • Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
            – xLdoubleR
            Nov 19 at 14:34










          • I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
            – Steve W
            Nov 20 at 15:05




















          • Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
            – xLdoubleR
            Nov 19 at 14:34










          • I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
            – Steve W
            Nov 20 at 15:05


















          Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
          – xLdoubleR
          Nov 19 at 14:34




          Yes, it is just the @EnableAuth2Sso annotation. This is basically what I'm doing right now, I'm sorry if my main post didn't convey this to you. The thing is I don't want to use two configurations because the HttpSecurity-object has to be maintained in both and is quite extensive.
          – xLdoubleR
          Nov 19 at 14:34












          I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
          – Steve W
          Nov 20 at 15:05






          I'm not suggesting having two almost identical configurations. I'm suggesting having one main configuration which is always loaded and then another one specifically for the @EnableOAuth2Sso annotation that is conditional. My code example is just giving you an option where you could keep the conditional annotation in your security config class just to keep things organized.
          – Steve W
          Nov 20 at 15:05




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53319003%2fdisable-enable-oauth2-without-two-security-configurations%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          How to change which sound is reproduced for terminal bell?

          Can I use Tabulator js library in my java Spring + Thymeleaf project?

          Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents