I have application "SecurityManagement" which has implemented spring security feature in which api endpoint can only be accessed only with generated jwt tokens. I need to use SecurityManagement project as a jar dependency to another "XYZ" application and make "XYZ" project api endpoint to access only through jwt tokens. Pls help. TIA
CodePudding user response:
The correct way to share spring code between multiple servicea is to write your own custom starter.
As you can set certain criteras if a library should dynamically be loaded or not.
Doing worldwide ComponentScanscan increase application startuptimes, and also lead to issues as classes that might are not intended to be loaded will be loaded if they are placed in certain packages during startup.
This can also be a security issue as someone would place a malicious class in the spacific package paths and it will automatically get loadad at startup even though you didnt want to.
Never component scan random external packages and just "assume" that there are classes there on the classpath.
CodePudding user response:
After including the jar in your 'XYZ' application, you can add Component scan on the library, and it automatically picks up the filters/config from SecurityManagement
Using annotation Configuration:
@ComponentScan({"com.foo.XYZ", "com.bar.SecurityManagement"})
Using xml:
<context:component-scan base-package=""com.foo.XYZ, com.bar.SecurityManagement" />