Menu
I have a situation where I have a RESTful service which is using a pre-authenticated token for authentication. I've implemented my own preAuth filter, and that's working great. My issue is that some requests sent to my service include BasicAuthorization which isn't for my application. (I wish they didn't, and they shouldn't, but they do and I can't control that.)
Now, it seems that Spring Security automatically makes a BasicAuthorization filter, but that filter is catching these irrelevant authentication headers, and then throwing the error:
Error 401 No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
So I want to turn off the filters I'm not using in Spring Security, but I can't figure out how. I know I could create dummy filters and replace the auto filters, or I could just delete all basic Auth headers before the application enters the filter chain, but those both seem like hacks.
When I looked in the spring security filter documentation I found the part that shows you how to add a FilterChainProxy, but it seems like I'm having to manually create all the beans for spring security that way. Specifically I got to the part where you need an AccessDecisionManager, but I thought that is what my
<http use-expressions="true" create-session="stateless"
authentication-manager-ref="authenticationManager">
<intercept-url pattern=[etc ...]
stuff was for, and I still want to use that. Anyone have any suggestions?
808
After looking into it for a while, it turns out my example was incomplete. I was using baeldung's spring security with a REST service guide and foolishly included <http-basic /> from that. So ... sorry for the bad question.
111
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
