How can the answer be improved? Spring Boot makes it fun and easy to build rich Java webapps. It allows you to rapidly develop, test, run and deploy Spring applications. Plus with over 100 starters, Spring Boot provides a huge amount of out-of-the-box functionality that traditionally you had to build yourself.
![Spring Boot Custom Database Authentication Spring Boot Custom Database Authentication](/uploads/1/2/4/7/124716375/663489989.png)
I have rather special requirements for authentication (being a username, password and device or just device to enter). This made me conclude that the usual UsernamePasswordAuthenticationFilter wasn't going to work, so I set up my own filter, provider and token, which are shown below. First the provider:
the token:
and the filter:
Now, I have a security config which looks like this:
and finally, the test context (note the springSecurityFilterChain autowiring)
What's basically happening is that the login request is being intercepted by the normal UsernamePasswordAuthenticationFilter and not my custom authentication. I would have thought that the SecurityConfig would have ensured that the right substitutions were made, but it seems that the usage of:
overrides that? does anyone know why?
Michael Coxon
Michael CoxonMichael Coxon
2 Answers
You have 3 filter chains (as far as we can tell). One default one (the outer
WebConfigurerAdapter
), and 2 custom ones (one has explicit httpBasic()
and the other has formLogin()
). The default one has order=0 I think, and protects everything, so that's the one that you will meet if you send a request into the whole filter. So that's probably a problem. And none of them (as far as I can see) installs your device details filter, so the authentication provider you added will never be used. That's another problem.Dave SyerDave Syer
Ultimately, it turns out that if you are overriding the
UsernamePasswordAuthenticationFilter
, Provider
and Token
, you need to go back to XML configuration. It seems that Spring Security does not properly publish the overridden vanilla spring SecurityFilterChain
as a bean, so this is what you get the vanilla version back no matter what you try to configure.Perhaps when Spring Security goes to version 4.0.0, we'll be able to do this by Java Configuration.
user1846065
Michael CoxonMichael Coxon
Not the answer you're looking for? Browse other questions tagged spring-securityspring-bootspring-java-config or ask your own question.
I am developing a small app with spring-boot and angularjs. The idea is that the backend of the application expose some services, and the frontend consume these services. I am trying to setup basic authentication
This is my pom.xml
both are in the same version 1.1.1.RELEASE. My WebSecurityConfig
This is not working. Seems that the user and password are not set in memory.
When spring boot runs, it creates a default password, here is what appear in the console
And the application work with that password.
Thank you
agusgambina
agusgambinaagusgambina
4 Answers
You can override the default user name (default value = user) and the password that is generated on the fly, by setting below properties in your
application.properties
file:In order to register more than one user, you would need to build our own
AuthenticationManager
configuration.CodeNotFoundCodeNotFound
I was having this problem too, with an OAuth2 application. In the Authorization Server Config, I was using what turned out to be the global AuthenticationManager.
But the AuthenticationManager I built is only scoped to the WebSecurityConfigurerAdapter. Instead of Overriding the configure method, I used this configureGlobal method and then everything fell into place, with no warnings or NullReferenceExceptions
qanwi1970qanwi1970
In your configur(HttpSecurity http) method, your last setup says
.anyRequest().authenticated()
, so it will require that users be authenticated for all requests.Try the following.
Patrick GrimardPatrick Grimard
![Connect Connect](/uploads/1/2/4/7/124716375/250296346.jpg)
This way worked, first I changed dependencies in the pom.xml
Then I changed the class WebSecurityConfig
agusgambinaagusgambina