Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

need spring security java config example showing basic auth only

Tags:

spring-security

My current java security config looks as follows:

@Configuration
@EnableWebSecurity
public class RootConfig extends WebSecurityConfigurerAdapter {

@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication()
    .withUser("tester").password("passwd").roles("USER");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
     http
     .authorizeUrls()
         .anyRequest().authenticated()
         .and()
     .httpBasic();       
  }
}

When I perform a GET request using a browser, I'll get an error 403. I would expect to get a browser popup asking me for a username / password. What might be the problem?

like image 655
user2566273 Avatar asked Jul 09 '13 22:07

user2566273

People also ask

How do I exclude Spring Security auto configuration?

If you find that specific auto-configure classes are being applied that you don't want, you can use the exclude attribute of @EnableAutoConfiguration to disable them. If the class is not on the classpath, you can use the excludeName attribute of the annotation and specify the fully qualified name instead.

How do I manually set an authenticated user in Spring Security?

Simply put, Spring Security hold the principal information of each authenticated user in a ThreadLocal – represented as an Authentication object. In order to construct and set this Authentication object – we need to use the same approach Spring Security typically uses to build the object on a standard authentication.

1 Answers

UPDATE: This is fixed in Spring Security 3.2.0.RC1+

This is a bug in the Security Java Configuration that will be resolved for the next release. I have created SEC-2198 to track it. For now, a work around is to use something like the following:

@Bean
public BasicAuthenticationEntryPoint entryPoint() {
    BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthEntryPoint.setRealmName("My Realm");
    return basicAuthEntryPoint;
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http
        .exceptionHandling()
            .authenticationEntryPoint(entryPoint())
            .and()
        .authorizeUrls()
            .anyRequest().authenticated()
            .and()
        .httpBasic();       
}

PS: Thanks for giving Spring Security Java Configuration a try! Keep the feedback up :)

like image 141
Rob Winch Avatar answered Oct 11 '22 18:10

Rob Winch
Sign in to Comment

Related questions

How to use @PathVariable to resolve parameter name in Spring Security?
ErrorHandling in Spring Security for @PreAuthorize AccessDeniedException returns 500 rather then 401
'Invalid bean definition' when migrating Spring Boot 2.0.6 to 2.1.0 with EvaluationContextExtensionSupport and custom PermissionEvaluator
How to change Spring Security roles by context?
Where do I define `springSecurityFilterChain` bean?
OAuth2ClientContext (spring-security-oauth2) not persisted in Redis when using spring-session and spring-cloud-security
How is SecurityContextLogoutHandler's clearAuthentication not threadsafe?
How to set proxy on spring oauth2 OAuth2AccessToken request or How to override OAuth2AccessTokenSupport restTemplate variable?
How to integrate Spring Security and Struts2
Spring Security, Customizing Authorization, AccessDecisionManager vs Security Filter
spring-security java config: How to configure Multiple AuthenticationManager instances
Uploading File Returns 403 Error - Spring MVC
SpringBoot, how to Authenticate with LDAP without using ldif?
Authenticate only selected rest end points : spring boot
Why does Spring Security not provide character array parameters for passwords
Controller (web request/antMatcher) security vs method(service) level security
Spring Boot - require api key AND x509, but not for all endpoints
Setting user roles based on some kind of ownership in Spring Security
Spring Security using both username or email
Destroy a session of another user in spring

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!