spring-boot: ManagementWebSecurityConfigurerAdapter is not overridable

Despite having

@ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class })
protected static class ManagementWebSecurityConfigurerAdapter

user cannot override this bean because it’s impossible to create a bean of type ManagementWebSecurityConfigurerAdapter or extending it.

In my project we have multiple instance of AuthenticationManager and the default one injected in ManagementWebSecurityConfigurerAdapter is not the one we want to inject in it.

We don’t want to completely recreate a WebSecurityConfigurerAdapterand copy/paste all its content just to inject a particular AuthenticationManager.

Thanks

About this issue

  • Original URL
  • State: closed
  • Created 10 years ago
  • Comments: 27 (14 by maintainers)

Most upvoted comments

It would be great to have a callback to customize the authentication manager builder just for the management endpoints, without overriding the global authentication manager, and without overriding / replacing the (quite elaborate) HttpSecurity configuration for the management endpoints. Before I found this issue here, I asked this, needing exactly that: http://stackoverflow.com/questions/41140468/custom-actuator-authentication-and-different-custom-web-authentication-in-one

+1
rainerfrey-inxmail on Dec 15, 2016
Read more comments on GitHub
← spring-boot: LOG_FILE_IS_UNDEFINED log file is being created in boot 1.4.5
spring-boot: Maven-failsafe-plugin fails to execute integration tests →