Combining basic authentication and form login for the same REST Api

by

You can achieve this easily by using multiple http configuration as below, this code only explains multiple http configuration. I am assuming that you are well aware of the other essential configurations related to spring security e.g authenticationManger etc.

    @EnableWebSecurity
    public class MultiHttpSecurityCustomConfig {
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("password").roles("USER").and().withUser("admin").password("password")
                    .roles("USER", "ADMIN");
        }

        @Configuration
        @Order(1)
        public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
            protected void configure(HttpSecurity http) throws Exception {
                http.antMatcher("/api/**").authorizeRequests().anyRequest().hasRole("ADMIN").and().httpBasic();
            }
        }

        @Configuration
        public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().anyRequest().authenticated().and().formLogin();
            }


   }
}

Please refer spring security official link: Multiple HttpSecurity

I will also reccomend you to check out Secure REST Services with Spring Security

Feel free to comment if you encounter any problem!

More Related Contents:

  1. How Spring Security Filter Chain works
  2. Configuring Spring Security 3.x to have multiple entry points
  3. How to use OAuth2RestTemplate?
  4. How do I get the Session Object in Spring?
  5. Spring Boot CORS filter – CORS preflight channel did not succeed
  6. How to write a custom filter in spring security?
  7. can I include user information while issuing an access token?
  8. How to manually log out a user with spring security?
  9. Auto login after successful registration
  10. Prevent Spring Boot from registering a servlet filter
  11. Spring + Web MVC: dispatcher-servlet.xml vs. applicationContext.xml (plus shared security)
  12. getting exception: No bean named ‘springSecurityFilterChain’ is defined
  13. Spring Security and @Async (Authenticated Users mixed up)
  14. antMatchers that matches any beginning of path
  15. Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
  16. How to use multiple login pages one for admin and the other one for user
  17. Multiple antMatchers in Spring security
  18. An Authentication object was not found in the SecurityContext – Spring 3.2.2
  19. Spring Security 3.2 CSRF disable for specific URLs
  20. Spring Boot with embedded Tomcat behind Apache proxy
  21. Create Account, Forgot Password and Change Password
  22. Spring Social Authentication Filter for Stateless REST Endpoints which use Facebook Token for authentication
  23. Spring Boot: How to specify the PasswordEncoder?
  24. With Spring Security 3.2.0.RELEASE, how can I get the CSRF token in a page that is purely HTML with no tag libs
  25. How to allow a User only access their own data in Spring Boot / Spring Security?
  26. Looking for a Simple Spring security example [closed]
  27. Spring security 4 custom login j_spring_security_check return http 302
  28. Is it possible to invalidate a spring security session?
  29. How to apply Spring Data projections in a Spring MVC controllers?
  30. Custom Authentication provider with Spring Security and Java Config

Leave a Comment