Spring-Boot: Specify REALMs (security constraints and roles) and CLIENT-CERT authentication in Java code configuration (not XML)? -

I'm trying to get to work on the link below authentication realm client CERT: < / P>

However, the following web.xml ,

  & lt; Web-App & gt; & Lt; Security-lock & gt; & Lt; Web resource collection & gt; & Lt; Web-Resource-Name & gt; Demo app & lt; / Web-resource-name & gt; & Lt; URL pattern & gt; / Safe / * & lt; / URL pattern & gt; & Lt; / Web resource collection & gt; & Lt; Auth-obstructing & gt; & Lt; Role Name & gt; Secureconn & lt; / Role Name & gt; & Lt; / Auth-Barrier & gt; & Lt; / Safety-barrier & gt; & Lt; Login to- config & gt; & Lt; Auth-Method & gt; Client-CERT & lt; / Auth-method & gt; & Lt; Realm-name & gt; Demo app & lt; / Realm-name & gt; & Lt; / Login-config & gt; & Lt; Security-roles & gt; & Lt; Role Name & gt; Secureconn & lt; / Role Name & gt; & Lt; / Safety-roles & gt; & Lt; / Web application & gt;  

And I used the following link for HTTPS to work normally:

And so I have something like this :

  @Configuration @ComponentScan @EnableAutoConfiguration public class application {@Bean public EmbeddedServletContainerFactory servletContainer () {TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory (); Factory.addContextCustomizers (TomcatContextCustomizer) customizer - & gt; {// it is empty at this time}}; Factory.addConnectorCustomizers ((Tomcat detector customizer) (connector cone) - & gt; {//..configuration}); Return factory;  

And I also want to enable this spring safety:

  @Configuration @EnableWebMvcSecurity public square WebSecurityConfig extends WebSecurityConfigurerAdapter {@Override void configure protected (HttpSecurity http ) Exceptions thrown by {//} some configuration on sample from https://spring.io/guides/gs/securing-web/} ...}  

This I think embedded Tomcat does not really care that web.xml is about content, so I guess I have to configure Java, No. By using the need context customizer . I have not got any resources to do this and the most criteria are string , so I'm guessing that I'm doing something wrong or this is not just a document, or I'm seeing the wrong place .

So my question is,

locations, security contraints, and sign configuration should specify / authentication method / url- spring-boot With pattern, does not, then with web.xml?

Optional question,

Use Web.xml if it is possible to insert embedded in spring boot, how is it done?

Edit: Actually, I'm trying to use the Customer-CERT method, it can be HttpSecurity.x509 ( ) which is also in less spec ... I'm lost.

This is a sample using certificate-based authentication on the container level (about stuff Which is more in web.xml than server.exm in non-embedde.D Container) that app is safe if you add WebSecurityConfigurationAdapter and call http.x509 () You will be converted to Certified Principal in an Authentication and will be made available in general. Place Kyoriti.