Refresh Configuration Beans

[freedombird9]

I have a web security config class that looks like:

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private GatewayRememberMeServices rememberMeServices;

    @Autowired
    private BasicAuthenticationProvider basicAuthenticationProvider;

    @Autowired
    private BasicAuthenticationEntrypoint basicAuthenticationEntrypoint;

    @Autowired
    private Config config;

    @Bean
    public BasicAuthenticationFilter basicAuthenticationFilter(){
        BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(new ProviderManager(Arrays.asList(basicAuthenticationProvider)), basicAuthenticationEntrypoint);
        return basicAuthenticationFilter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests().antMatchers("/**").permitAll()
                .anyRequest().authenticated().and()
                .rememberMe()
                .rememberMeServices(rememberMeServices)
                .key("springRocks")
                .rememberMeCookieName("jsSessionCookie");

        http.addFilter(basicAuthenticationFilter());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        if (config == null || config.getPath() == null) {
            return;
        }
        for (String allow: config.getPath()) {
            web.ignoring().antMatchers(allow + "**");
        }
    }
}

The Config is:

@Component
@ConfigurationProperties("ignored")
@RefreshScope
public class Config {
    private List<String> path;

    public List<String> getPath() {
        return path;
    }

    public void setPath(List<String> path) {
        this.path = path;
    }
}

So basically, whenever I change the ignored property, the Config bean will be refreshed. It won't happen, however, to the SecurityConfig bean. Since @RefreshScope doesn't work with @configuration, I wonder how to refresh the config bean? Specially, I want to have the method

@Override
    public void configure(WebSecurity web) throws Exception {
        if (config == null || config.getPath() == null) {
            return;
        }
        for (String allow: config.getPath()) {
            web.ignoring().antMatchers(allow + "**");
        }
    }

re-run to reflect the changes. Right now, it cannot pick up any change I made to the property file.

[spencergibb]

Remove @RefreshScope from Config since @ConfigurationProperties classes are already refreshed. Where do you create Config? Where do you have @EnableConfigurationProperties?

[spencergibb]

To reconfigure security (if it can be reconfigured) you would have to listen for an EnvironmentChangeEvent

[freedombird9]

@spencergibb Config is autowired into SecurityConfig bean. And I didn't use @EnableConfigurationProperties anywhere.

[freedombird9]

@spencergibb You mean there is no clean way to reconfigure security?

[spencergibb]

@EnableConfigurationProperties is required for @ConfigurationProperties to work. I have no idea if security can by dynamically reconfigured. Ping @rwinch.

[freedombird9]

@spencergibb Good to know. But the above code did work for me. I've tested it many many times. I think @EnableConfigurationProperties is the default setting now.

[spring-projects-issues]

Closing due to age of the question. If you would like us to look at this issue, please comment and we will look at re-opening the issue.