3

I am using spring boot and in spring security we are using "WebSecurityConfigurerAdapter" and using the method 

@Override
    protected void configure(HttpSecurity http) throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager(), tokenService(), externalServiceAuthenticator());
        http.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class)
        .csrf().disable()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and().authorizeRequests().antMatchers(externalServiceCaller.getPrivateEndPoints())
        .hasAnyAuthority(externalServiceCaller.getAllAuthorities()).anyRequest().authenticated()
        .and().authorizeRequests().anyRequest().anonymous()
        .and().exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint())
        .and().exceptionHandling().authenticationEntryPoint(forbiddenEntryPoint());
    }

This is working fine for existing role and user but when we are adding more users and role at run time (After the application start) then spring security is not able to recognize new role and new user . Is there any way to call the above method again when the application is up and running.

Andrew Sasha
  • 1,254
  • 1
  • 11
  • 21
Chinmay
  • 39
  • 2
  • Have you found any solution to this? – Hikmat Dec 22 '18 at 22:07
  • Sorry for delay response was sick. No did not found any solution.Changed the filter layer. – Chinmay Jan 16 '19 at 06:54
  • Thanks for reply @Chinmay. Can you elaborate "changed the filter layer" – Hikmat Jan 24 '19 at 09:32
  • .hasAnyAuthority(externalServiceCaller.getAllAuthorities()).anyRequest().authenticated() removed this line and in filter we are making the check using regular expression. As this application will run under many firewall . – Chinmay Jan 24 '19 at 10:38

1 Answers1

1

Reload configure(HttpSecurity http) is impossible in runtime, because it's some kind of builder and it's creates some part of the spring security chain when the application is starting - if you'd like to reload the method you have to replace the spring security chain during runtime - it's not so easy and recommended way.

If you need add some user during runtime - implement custom AuthentificationProvider

Andrew Sasha
  • 1,254
  • 1
  • 11
  • 21