configure (AuthenticationManagerBuilder) is used to create an authentication mechanism, making it easy to add AuthenticationProviders: for example, the following describes authentication in memory with built-in user and admin inputs.
public void configure(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() .withUser("user") .password("password") .roles("USER") .and() .withUser("admin") .password("password") .roles("ADMIN","USER"); }
configure (HttpSecurity) allows you to configure network security at the resource level based on matching choices - for example, In the example below, URLs starting with / admin / for users with the ADMIN role are limited and declares that any other URLs must succeed authenticated.
protected void configure(HttpSecurity http) throws Exception { http .authorizeUrls() .antMatchers("/admin/**").hasRole("ADMIN") .anyRequest().authenticated() }
configure (WebSecurity) is used for configuration parameters that affect global security (ignore resources, set debug mode, reject requests, implementing a custom firewall definition). For example, the following method will ignore any request starting with / resources / for authentication purposes.
public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/resources/**"); }
You can refer to the following link for more information. Spring Security Java Configuration Preview: Web Security
Nick Vasic Feb 02 '15 at 6:42 2015-02-02 06:42
source share