search

spring-cloud / spring-cloud-config

External configuration (server and client) for Spring Cloud
Apache License 2.0
1.95k stars 1.29k forks source link

Refresh Configuration Beans #504

Closed freedombird9 closed 6 years ago

freedombird9 commented 8 years ago

I have a web security config class that looks like:

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private GatewayRememberMeServices rememberMeServices;

    @Autowired
    private BasicAuthenticationProvider basicAuthenticationProvider;

    @Autowired
    private BasicAuthenticationEntrypoint basicAuthenticationEntrypoint;

    @Autowired
    private Config config;

    @Bean
    public BasicAuthenticationFilter basicAuthenticationFilter(){
        BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(new ProviderManager(Arrays.asList(basicAuthenticationProvider)), basicAuthenticationEntrypoint);
        return basicAuthenticationFilter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().antMatchers("/**").permitAll()
                .anyRequest().authenticated().and()
                .rememberMe()
                .rememberMeServices(rememberMeServices)
                .key("springRocks")
                .rememberMeCookieName("jsSessionCookie");

        http.addFilter(basicAuthenticationFilter());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        if (config == null || config.getPath() == null) {
            return;
        }
        for (String allow: config.getPath()) {
            web.ignoring().antMatchers(allow + "**");
        }
    }
}

The Config is:

@Component
@ConfigurationProperties("ignored")
@RefreshScope
public class Config {
    private List<String> path;

    public List<String> getPath() {
        return path;
    }

    public void setPath(List<String> path) {
        this.path = path;
    }
}

So basically, whenever I change the ignored property, the Config bean will be refreshed. It won't happen, however, to the SecurityConfig bean. Since @RefreshScope doesn't work with @Configuration, I wonder how to refresh the config bean? Specially, I want to have the method

@Override
    public void configure(WebSecurity web) throws Exception {
        if (config == null || config.getPath() == null) {
            return;
        }
        for (String allow: config.getPath()) {
            web.ignoring().antMatchers(allow + "**");
        }
    }

re-run to reflect the changes. Right now, it cannot pick up any change I made to the property file.

spencergibb commented 8 years ago

Remove @RefreshScope from Config since @ConfigurationProperties classes are already refreshed. Where do you create Config? Where do you have @EnableConfigurationProperties?

spencergibb commented 8 years ago

To reconfigure security (if it can be reconfigured) you would have to listen for an EnvironmentChangeEvent

freedombird9 commented 8 years ago

@spencergibb Config is autowired into SecurityConfig bean. And I didn't use @EnableConfigurationProperties anywhere.

freedombird9 commented 8 years ago

@spencergibb You mean there is no clean way to reconfigure security?

spencergibb commented 8 years ago

@EnableConfigurationProperties is required for @ConfigurationProperties to work. I have no idea if security can by dynamically reconfigured. Ping @rwinch.

freedombird9 commented 8 years ago

@spencergibb Good to know. But the above code did work for me. I've tested it many many times. I think @EnableConfigurationProperties is the default setting now.

spring-projects-issues commented 6 years ago

Closing due to age of the question. If you would like us to look at this issue, please comment and we will look at re-opening the issue.