Java Spring Security config – multiple authentication providers

by

May be this will help you :-

@Configuration
@EnableWebSecurity
@Profile("container")
public class XSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private AuthenticationProvider authenticationProvider;

@Autowired
private AuthenticationProvider authenticationProviderDB;

@Override
@Order(1)

protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProvider);
}

@Order(2)
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(authenticationProviderDB);
}

@Override
  public void configure(WebSecurity web) throws Exception {
    web
      .ignoring()
         .antMatchers("/scripts/**","/styles/**","/images/**","/error/**");
  }

@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/rest/**").authenticated()
            .antMatchers("/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .successHandler(new AuthenticationSuccessHandler() {
                @Override
                public void onAuthenticationSuccess(
                        HttpServletRequest request,
                        HttpServletResponse response,
                        Authentication a) throws IOException, ServletException {
                            //To change body of generated methods,
                            response.setStatus(HttpServletResponse.SC_OK);
                        }
            })
            .failureHandler(new AuthenticationFailureHandler() {

                @Override
                public void onAuthenticationFailure(
                        HttpServletRequest request,
                        HttpServletResponse response,
                        AuthenticationException ae) throws IOException, ServletException {
                            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                        }
            })
            .loginProcessingUrl("/access/login")
            .and()
            .logout()
            .logoutUrl("/access/logout")                
            .logoutSuccessHandler(new LogoutSuccessHandler() {
                @Override
                public void onLogoutSuccess(
                        HttpServletRequest request, 
                        HttpServletResponse response, 
                        Authentication a) throws IOException, ServletException {
                    response.setStatus(HttpServletResponse.SC_NO_CONTENT);
                }
            })
            .invalidateHttpSession(true)
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
            .and()
            .csrf()//Disabled CSRF protection
            .disable();
    }
}

More Related Contents:

  1. How To Inject AuthenticationManager using Java Configuration in a Custom Filter
  2. Spring boot Security Disable security
  3. How to dynamically decide access attribute value in Spring Security?
  4. What’s the difference between @Secured and @PreAuthorize in spring security 3?
  5. CharacterEncodingFilter don’t work together with Spring Security 3.2.0
  6. Standalone Spring OAuth2 JWT Authorization Server + CORS
  7. Spring Security: how to exclude certain resources?
  8. How do I remove the ROLE_ prefix from Spring Security with JavaConfig?
  9. Feign and Spring Security 5 – Client Credentials
  10. Multiple roles using @PreAuthorize
  11. Spring security 3.1.4 and ShaPasswordEncoder deprecation
  12. disabling spring security in spring boot app [duplicate]
  13. Multiple Authentication Providers in Spring Security
  14. Custom Authentication provider with Spring Security and Java Config
  15. Spring Security Configuration – HttpSecurity vs WebSecurity
  16. Spring Java Config: how do you create a prototype-scoped @Bean with runtime arguments?
  17. Configuring Spring Security 3.x to have multiple entry points
  18. Spring Boot 2.0.x disable security for certain profile
  19. Disable Spring Security for OPTIONS Http Method
  20. How to manually log out a user with spring security?
  21. Prevent Spring Boot from registering a servlet filter
  22. Spring + Web MVC: dispatcher-servlet.xml vs. applicationContext.xml (plus shared security)
  23. Combining basic authentication and form login for the same REST Api
  24. Spring Security with SOAP web service is working in Tomcat, but not in WebLogic
  25. JAAS for human beings
  26. Spring security: adding “On successful login event listener”
  27. How to reload authorities on user update with Spring Security
  28. Spring security @PreAuthorize hasRole() properties injection
  29. How to secure REST API with Spring Boot and Spring Security?
  30. Why BCryptPasswordEncoder from Spring generate different outputs for same input?

Leave a Comment