Custom Authentication Manager with Spring Security and Java Configuration

by

Take a look at my sample below. You have to return an UsernamePasswordAuthenticationToken. It contains the principal and the GrantedAuthorities. Hope I could help šŸ™‚

public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = authentication.getPrincipal() + "";
    String password = authentication.getCredentials() + "";

    User user = userRepo.findOne(username);
    if (user == null) {
        throw new BadCredentialsException("1000");
    }
    if (!encoder.matches(password, user.getPassword())) {
        throw new BadCredentialsException("1000");
    }
    if (user.isDisabled()) {
        throw new DisabledException("1001");
    }
    List<Right> userRights = rightRepo.getUserRights(username);
    return new UsernamePasswordAuthenticationToken(username, null, userRights.stream().map(x -> new SimpleGrantedAuthority(x.getName())).collect(Collectors.toList()));
}

PS: userRepo and rightRepo are Spring-Data-JPA Repositories which access my custom User-DB

SpringSecurity JavaConfig:

@Configuration
@EnableWebMvcSecurity
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {

public MySecurityConfiguration() {
    super(false);
}

@Override
protected AuthenticationManager authenticationManager() throws Exception {
    return new ProviderManager(Arrays.asList((AuthenticationProvider) new AuthProvider()));
}

}

More Related Contents:

  1. Spring Security : Multiple HTTP Config not working
  2. Filter invoke twice when register as Spring bean
  3. How to get active user’s UserDetails
  4. When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
  5. How to disable spring security for particular url
  6. Difference between Role and GrantedAuthority in Spring Security
  7. Disable Spring Security for OPTIONS Http Method
  8. How to enable HTTP response caching in Spring Boot
  9. RESTful Authentication via Spring
  10. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  11. How to get the current logged in user object from spring security?
  12. Spring webSecurity.ignoring() doesn’t ignore custom filter
  13. Spring security does not allow CSS or JS resources to be loaded
  14. how to display custom error message in jsp for spring security auth exception
  15. spring web, security + web.xml + mvc dispatcher + Bean is created twice
  16. How to apply Spring Security filter only on secured endpoints?
  17. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  18. Spring security added prefix “ROLE_” to all roles name?
  19. Why this Spring application with java-based configuration don’t work properly
  20. Spring REST security – Secure different URLs differently
  21. How to solve the ā€œfailed to lazily initialize a collection of roleā€ Hibernate exception
  22. Multipart File Upload Using Spring Rest Template + Spring Web MVC
  23. How to bind an object list with thymeleaf?
  24. How to configure MappingJacksonHttpMessageConverter while using spring annotation-based configuration?
  25. Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
  26. How to reload authorities on user update with Spring Security
  27. Unable to get a generic ResponseEntity where T is a generic class “SomeClass”
  28. How is Spring actually bootstrap?
  29. How to secure REST API with Spring Boot and Spring Security?
  30. Spring MVC PATCH method: partial updates

Leave a Comment