I have a config file which specifies the authentication mechanism e.g:
application.yml:
security:
method: "form"
vs.
security:
method: "oauth2"
And 2 corresponding Java classes e.g DefaultFormSecurityConfig.java, which use org.springframework.security annotations:
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(value = "security.method", havingValue = "form")
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class DefaultFormSecurityConfig extends AbstractFormSecurityConfig {}
And DefaultOAuth2SecurityConfig.java:
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(value = "security.method", havingValue = "oauth2")
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class DefaultOAuth2SecurityConfig extends AbstractOAuth2SecurityConfig {}
This works fine, which ever config value is specified during application start-up, the corresponding Java class will be instantiated and configure the application.
However I now have a requirement to move the specification of the authentication config value to some other location e.g a specific XML file that Spring would not read from.
Is there a programmatic API that I could essentially instantiate the required Java class after detecting either form/oauth2 and have all the Spring annotations for that class become active? e.g
if (auth.equals("form")) {
new DefaultFormSecurityConfig()
}
Is it as simple as creating an instance of the right class, or does something need to be done in order for the annotations to also become active?
