Another option for extending the default security configuration is to extend WebSecurityConfigurerAdapter. Now, WebSecurityConfigurerAdapter provides the base implementation of the Spring Security configuration, which can be easily extended.
You can provide a global authentication manager implementation by creating a bean for AuthenticationManager, and overriding configureGlobal in order to configure it.
An example implementation is shown here:
@Configuration
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user1").password("{noop}user1-password").roles("ADMIN");
auth.inMemoryAuthentication().withUser("user2").password("{noop}user2-password").roles("USER");
}
In the preceding example, we are configuring in-memory authentication with two users—user1 and user2.
We can also provide a local authentication manager by overriding the configure(AuthenticationManagerBuilder auth) method in WebSecurityConfigurerAdapter, as shown here:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user3")
.password("{noop}user3-password").roles("ADMIN");
auth.inMemoryAuthentication().withUser("user4")
.password("{noop}user4-password").roles("USER");
}
In the previous example, we configured an in-memory authentication with two users—user3 and user4.