What is the difference between registering an authenticationprovider with HttpSecurity vs...











up vote
0
down vote

favorite












WebSecurityConfigurerAdapter offers two overrides as follows:



protected void configure(AuthenticationManagerBuilder auth)



and



protected void configure(HttpSecurity http)



Both HttpSecurity and AuthenticationManagerBuilder offer registration for authenticationProviders. Is there any difference between registering my providers with one vs the other?



I'm also using Spring boot 2.1 with @SpringBootApplication(exclude = SecurityAutoConfiguration.class) to turn off their autoconfig completely.






spring-boot spring-security







share|improve this question


























    up vote
    0
    down vote

    favorite












    WebSecurityConfigurerAdapter offers two overrides as follows:



    protected void configure(AuthenticationManagerBuilder auth)



    and



    protected void configure(HttpSecurity http)



    Both HttpSecurity and AuthenticationManagerBuilder offer registration for authenticationProviders. Is there any difference between registering my providers with one vs the other?



    I'm also using Spring boot 2.1 with @SpringBootApplication(exclude = SecurityAutoConfiguration.class) to turn off their autoconfig completely.






    spring-boot spring-security







    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      WebSecurityConfigurerAdapter offers two overrides as follows:



      protected void configure(AuthenticationManagerBuilder auth)



      and



      protected void configure(HttpSecurity http)



      Both HttpSecurity and AuthenticationManagerBuilder offer registration for authenticationProviders. Is there any difference between registering my providers with one vs the other?



      I'm also using Spring boot 2.1 with @SpringBootApplication(exclude = SecurityAutoConfiguration.class) to turn off their autoconfig completely.






      spring-boot spring-security







      share|improve this question













      WebSecurityConfigurerAdapter offers two overrides as follows:



      protected void configure(AuthenticationManagerBuilder auth)



      and



      protected void configure(HttpSecurity http)



      Both HttpSecurity and AuthenticationManagerBuilder offer registration for authenticationProviders. Is there any difference between registering my providers with one vs the other?



      I'm also using Spring boot 2.1 with @SpringBootApplication(exclude = SecurityAutoConfiguration.class) to turn off their autoconfig completely.






      spring-boot spring-security




      spring-boot spring-security






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 21 at 2:03









      Jazzepi

      2,78343462




      2,78343462
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          From Spring Security Architecture




          The main strategy interface for authentication is
          AuthenticationManager [...]



          The most commonly used implementation of AuthenticationManager is
          ProviderManager, which delegates to a chain of
          AuthenticationProvider instances. An AuthenticationProvider is a
          bit like an AuthenticationManager [...]



          A ProviderManager can support multiple different authentication
          mechanisms in the same application by delegating to a chain of
          AuthenticationProviders. If a ProviderManager doesn’t recognise a
          particular Authentication instance type it will be skipped.



          A ProviderManager has an optional parent, which it can consult if
          all providers return null. If the parent is not available then a null
          Authentication results in an AuthenticationException.




          enter image description here



          Generally speaking WebSecurityConfigurerAdapter provides configuration for HttpSecurity apart from Filter's configuration (like UsernamePasswordAuthenticationFilter, LogoutFilter etc.) it's also creates and configures (adding AuthenticationProviders and parent AuthenticationManager) AuthenticationManagers in HttpSecurity by using AuthenticationManagerBuilder.



          WebSecurityConfigurerAdapter will create only one AuthenticationManager for HttpSecurity. However AuthenticationManager has its own AuthenticationProviders and its own optional parent AuthenticationProvider. When you are doing http.authenticationProvider(...) you are adding new AuthenticationProvider to the AuthenticationManager which belong to that http. By using configure(AuthenticationManagerBuilder auth) you are configuring AuthenticationManager which is the parent of the AuthenticationManager which belongs to that particular HttpSecurity.



          Spring is providing default configuration for the parent of that particular AuthenticationManager, but by using configure(AuthenticationManagerBuilder auth) you are rejecting spring's configuration in favour of your (auth).






          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














             

            draft saved


            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53404327%2fwhat-is-the-difference-between-registering-an-authenticationprovider-with-httpse%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote



            accepted










            From Spring Security Architecture




            The main strategy interface for authentication is
            AuthenticationManager [...]



            The most commonly used implementation of AuthenticationManager is
            ProviderManager, which delegates to a chain of
            AuthenticationProvider instances. An AuthenticationProvider is a
            bit like an AuthenticationManager [...]



            A ProviderManager can support multiple different authentication
            mechanisms in the same application by delegating to a chain of
            AuthenticationProviders. If a ProviderManager doesn’t recognise a
            particular Authentication instance type it will be skipped.



            A ProviderManager has an optional parent, which it can consult if
            all providers return null. If the parent is not available then a null
            Authentication results in an AuthenticationException.




            enter image description here



            Generally speaking WebSecurityConfigurerAdapter provides configuration for HttpSecurity apart from Filter's configuration (like UsernamePasswordAuthenticationFilter, LogoutFilter etc.) it's also creates and configures (adding AuthenticationProviders and parent AuthenticationManager) AuthenticationManagers in HttpSecurity by using AuthenticationManagerBuilder.



            WebSecurityConfigurerAdapter will create only one AuthenticationManager for HttpSecurity. However AuthenticationManager has its own AuthenticationProviders and its own optional parent AuthenticationProvider. When you are doing http.authenticationProvider(...) you are adding new AuthenticationProvider to the AuthenticationManager which belong to that http. By using configure(AuthenticationManagerBuilder auth) you are configuring AuthenticationManager which is the parent of the AuthenticationManager which belongs to that particular HttpSecurity.



            Spring is providing default configuration for the parent of that particular AuthenticationManager, but by using configure(AuthenticationManagerBuilder auth) you are rejecting spring's configuration in favour of your (auth).






            share|improve this answer



























              up vote
              1
              down vote



              accepted










              From Spring Security Architecture




              The main strategy interface for authentication is
              AuthenticationManager [...]



              The most commonly used implementation of AuthenticationManager is
              ProviderManager, which delegates to a chain of
              AuthenticationProvider instances. An AuthenticationProvider is a
              bit like an AuthenticationManager [...]



              A ProviderManager can support multiple different authentication
              mechanisms in the same application by delegating to a chain of
              AuthenticationProviders. If a ProviderManager doesn’t recognise a
              particular Authentication instance type it will be skipped.



              A ProviderManager has an optional parent, which it can consult if
              all providers return null. If the parent is not available then a null
              Authentication results in an AuthenticationException.




              enter image description here



              Generally speaking WebSecurityConfigurerAdapter provides configuration for HttpSecurity apart from Filter's configuration (like UsernamePasswordAuthenticationFilter, LogoutFilter etc.) it's also creates and configures (adding AuthenticationProviders and parent AuthenticationManager) AuthenticationManagers in HttpSecurity by using AuthenticationManagerBuilder.



              WebSecurityConfigurerAdapter will create only one AuthenticationManager for HttpSecurity. However AuthenticationManager has its own AuthenticationProviders and its own optional parent AuthenticationProvider. When you are doing http.authenticationProvider(...) you are adding new AuthenticationProvider to the AuthenticationManager which belong to that http. By using configure(AuthenticationManagerBuilder auth) you are configuring AuthenticationManager which is the parent of the AuthenticationManager which belongs to that particular HttpSecurity.



              Spring is providing default configuration for the parent of that particular AuthenticationManager, but by using configure(AuthenticationManagerBuilder auth) you are rejecting spring's configuration in favour of your (auth).






              share|improve this answer

























                up vote
                1
                down vote



                accepted







                up vote
                1
                down vote



                accepted






                From Spring Security Architecture




                The main strategy interface for authentication is
                AuthenticationManager [...]



                The most commonly used implementation of AuthenticationManager is
                ProviderManager, which delegates to a chain of
                AuthenticationProvider instances. An AuthenticationProvider is a
                bit like an AuthenticationManager [...]



                A ProviderManager can support multiple different authentication
                mechanisms in the same application by delegating to a chain of
                AuthenticationProviders. If a ProviderManager doesn’t recognise a
                particular Authentication instance type it will be skipped.



                A ProviderManager has an optional parent, which it can consult if
                all providers return null. If the parent is not available then a null
                Authentication results in an AuthenticationException.




                enter image description here



                Generally speaking WebSecurityConfigurerAdapter provides configuration for HttpSecurity apart from Filter's configuration (like UsernamePasswordAuthenticationFilter, LogoutFilter etc.) it's also creates and configures (adding AuthenticationProviders and parent AuthenticationManager) AuthenticationManagers in HttpSecurity by using AuthenticationManagerBuilder.



                WebSecurityConfigurerAdapter will create only one AuthenticationManager for HttpSecurity. However AuthenticationManager has its own AuthenticationProviders and its own optional parent AuthenticationProvider. When you are doing http.authenticationProvider(...) you are adding new AuthenticationProvider to the AuthenticationManager which belong to that http. By using configure(AuthenticationManagerBuilder auth) you are configuring AuthenticationManager which is the parent of the AuthenticationManager which belongs to that particular HttpSecurity.



                Spring is providing default configuration for the parent of that particular AuthenticationManager, but by using configure(AuthenticationManagerBuilder auth) you are rejecting spring's configuration in favour of your (auth).






                share|improve this answer














                From Spring Security Architecture




                The main strategy interface for authentication is
                AuthenticationManager [...]



                The most commonly used implementation of AuthenticationManager is
                ProviderManager, which delegates to a chain of
                AuthenticationProvider instances. An AuthenticationProvider is a
                bit like an AuthenticationManager [...]



                A ProviderManager can support multiple different authentication
                mechanisms in the same application by delegating to a chain of
                AuthenticationProviders. If a ProviderManager doesn’t recognise a
                particular Authentication instance type it will be skipped.



                A ProviderManager has an optional parent, which it can consult if
                all providers return null. If the parent is not available then a null
                Authentication results in an AuthenticationException.




                enter image description here



                Generally speaking WebSecurityConfigurerAdapter provides configuration for HttpSecurity apart from Filter's configuration (like UsernamePasswordAuthenticationFilter, LogoutFilter etc.) it's also creates and configures (adding AuthenticationProviders and parent AuthenticationManager) AuthenticationManagers in HttpSecurity by using AuthenticationManagerBuilder.



                WebSecurityConfigurerAdapter will create only one AuthenticationManager for HttpSecurity. However AuthenticationManager has its own AuthenticationProviders and its own optional parent AuthenticationProvider. When you are doing http.authenticationProvider(...) you are adding new AuthenticationProvider to the AuthenticationManager which belong to that http. By using configure(AuthenticationManagerBuilder auth) you are configuring AuthenticationManager which is the parent of the AuthenticationManager which belongs to that particular HttpSecurity.



                Spring is providing default configuration for the parent of that particular AuthenticationManager, but by using configure(AuthenticationManagerBuilder auth) you are rejecting spring's configuration in favour of your (auth).







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited yesterday

























                answered yesterday









                Andrew Sasha

                372112




                372112






























                     

                    draft saved


                    draft discarded



















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53404327%2fwhat-is-the-difference-between-registering-an-authenticationprovider-with-httpse%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Dijon

                    Image
                    Dijon.mw-parser-output .entete.map{background-image:url("//upload.wikimedia.org/wikipedia/commons/7/7a/Picto_infobox_map.png")} De haut en bas, de gauche à droite : Panorama du centre historique vu depuis la Cathédrale Saint-Bénigne, le tramway passant sous l'Auditorium , la place François Rude, les Tuiles vernissées de l'Hôtel Aubriot, le centre commercial Toison d'or et le jardin Darcy. Blason Logo Administration Pays   France Région Bourgogne-Franche-Comté (préfecture) Département Côte-d'Or (préfecture) Arrondissement Dijon (chef-lieu) Canton bureau centralisateur de 6 cantons : Dijon-1, 2, 3, 4, 5, 6 Intercommunalité Dijon Métropole Maire Mandat François Rebsamen 2015-2020 Code postal 21000 (comportait aussi le code 21100 quand la ville possédait deux bureaux distributeurs) Code commune 21231 Démographie Gentilé ...
                    Read more

                    Sphinx de Gizeh

                    Image
                    Pour les articles homonymes, voir Sphinx. Sphinx de Gizeh.mw-parser-output .entete.egypte-antique{background-image:url("//upload.wikimedia.org/wikipedia/commons/c/cc/Picto_infobox_ancient_Egypt.png")} Site d'Égypte antique Le visage du sphinx de Gizeh. Noms en arabe أبو الهول , Abou al-Hôl Localisation Région Basse-Égypte Coordonnées 29° 58′ 31″ nord, 31° 08′ 16″ est Géolocalisation sur la carte : Égypte Sphinx de Gizeh modifier   Le sphinx de Gizeh est la statue thérianthrope qui se dresse devant les grandes pyramides du plateau de Gizeh, en Basse-Égypte. Sculpture monumentale monolithique la plus grande du monde [ 1 ] avec 73,5 mètres de longueur, 14 mètres de largeur et 20,22 mètres de hauteur, elle représente un sphinx couchant. Réalisée vers -2500, elle serait attribuée à Djédefrê, l'un des pharaons de la IV e  dynastie, représentant son père le pharaon Khéops. Sommaire 1 Étymologie 2 Desc...
                    Read more

                    xlwings: Save and Close

                    Image
                    1 I am trying to find out how to save and close to an existing workbook using xlwings after writing in it: import xlwings as xw list_of_values = [1, 2, 3] workbook_path = 'abc.xlsx' wb = xw.Book(workbook_path) ws = wb.sheets['sheet1'] ws.range('E35').value = list_of_values wb.save() wb.close() When I get to wb.save(workbook_path) , there is a prompt stating: 'A file named abc.xlsx' already exists in this location. Do you want to replace it?' I want to overwrite the file immediately without the prompt coming up. According to the docs, wb.save() should automatically overwrite (see: https://docs.xlwings.org/en/v0.6.4/api.html). I have also tried wb.save(workbook_path) but the pop-up still appears. Appreciate any help on this please. p.s. - I am basically try...
                    Read more