Closed Limfaylay closed 4 years ago
Number -17 is in SAMLWebSecurityConfigurer
. That's just an arbitrary number that allows the SAML config to load properly in the Spring context. If I would have used Ordered.HIGHEST_PRECEDENE you wouldn't be able to plugin your stuff, and if I would have used Ordered.LOWEST_PRECENDECE this plugin wouldn't work. So... you have to choose something in between. I don't know of any way of setting the number through config since getOrder
goes in Configuration classes either by implementing Ordered
or by adding the @Order
annotation.
That said, I think it would be interesting if Spring had some sort of way to override this order in a simple manner, if for instance each plugin can annotate their config with a Plugin Name and a default order, that then you could re-arrange by that name in your app as you please. But for something like this to work with everything out there you'd need widespread support.
A poor's man version of that could potentially work if you:
@Import
directly the auto-configuration defining a new Order in your new configuration class. For security alone you could do something similar with WebSecurityConfigurerAdapter
(look at the usage of SAMLConfigurerBean)
I see now, thank you!
On the note of the usage of SAMLConfigurerBean, I would suggest that you add the code block that prevents the infinite loop auth error to the README
documentation.
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.parentAuthenticationManager(null);
}
Overall a great library! Thanks so much.
Hi there!
I'm trying to implement multiple authentication strategies in a single microservice. I have separate files / functions to help me manage the possible paths for securing my endpoints with different auth methods.
I'm making use of
@Order
, but have noticed that the default (and unchangeable) order when making use ofServiceProviderConfigurerAdapter
is -17. I can force the functionality that I need by introducing numbers lower than -17, but it starts to look like I'm introducing magic numbers in the code, and I'm also afraid that this may have some unexpected side-effect when using this class.Is there any reason for choosing this number in specific, and is there any way to make this a parameter we can edit?
Thanks, Matt