Let us now start applying security context to the previous reactive application through these steps:
- Open pom.xml and add the following starter POM for Spring Security 5:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
- Create a new package org.packt.spring.boot.security and drop into it the same security context definition AppSecurityConfig from ch08.
- Avoid registering DelegatingFilterProxy into the container since Spring Boot does it automatically by injecting org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean and mapping it to a filter name springSecurityFilterChain. If you include SpringSecurityInitializer from ch08 into this project, conflicts will arise and an exception like this will be thrown:
28-Jun-2017 13:01:07.219 SEVERE [https-openssl-nio-8443-exec-6] org.apache.catalina.core.StandardContext.filterStart Exception starting filter springSecurityFilterChain org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' available
There is no need to include SpringSecurityInitializer just to enable asynchronous support for s pringSecurityFilterChain, because Spring Boot enables it by default.
- The next step is to @Import the AppSecurityConfig to apply the security protocols indicated in the security class definition to the Spring MVC project:
@Import(value = { AppSecurityConfig.class }) @Configuration @EnableWebMvc public class SpringContextConfig { // refer to sources }
- Finally, you are now ready to use Spring Security 5.x. Uncomment all lines that execute SecurityContextHolder.
- Copy the LoginController from ch08 to org.packt.spring,boot.controller.
- Also copy the views, login.jsp, logout.jsp and after_logout.jsp to src/main/webapp of this project. Also update the views and message bundle pertaining to these view pages.
- Save all files. Then clean and install project ch09. Manually deploy it to the server. Open a browser and access https://localhost:8443/ch09/login.html and supply the needed credentials indicated by in-memory configuration of AppSecurityConfig.