
Need Spring Security Java config example showing basic auth only

My current Java security config looks as follows:

@Configuration
@EnableWebSecurity
public class RootConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("tester").password("passwd").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeUrls()
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }
}

When I perform a GET request using a browser, I get a 403 error. I would expect to get a browser popup asking me for a username/password. What might be the problem?

asked Jul 09 '13 22:07 by user2566273



1 Answer

UPDATE: This is fixed in Spring Security 3.2.0.RC1+

This is a bug in the Security Java Configuration that will be resolved for the next release. I have created SEC-2198 to track it. For now, a workaround is to use something like the following:

@Bean
public BasicAuthenticationEntryPoint entryPoint() {
    BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthEntryPoint.setRealmName("My Realm");
    return basicAuthEntryPoint;
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http
        .exceptionHandling()
            .authenticationEntryPoint(entryPoint())
            .and()
        .authorizeUrls()
            .anyRequest().authenticated()
            .and()
        .httpBasic();       
}

PS: Thanks for giving Spring Security Java Configuration a try! Keep the feedback up :)

answered Oct 11 '22 18:10 by Rob Winch
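To confirm the behaviour discussed above (an unauthenticated request should get a 401 with a `WWW-Authenticate: Basic` challenge, not a 403), the following check is an added example and is not code from the question, the answer, or Spring Security. The class name `BasicChallengeCheck` and the JDK `HttpServer` stand-in are assumptions made so it runs without a Spring application; the realm and credentials are the ones shown on this page. Point `uri` at your own application to test it.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicChallengeCheck {
    // Returns null when an unauthenticated GET is answered with 401 + Basic challenge, else the problem found.
    static String checkChallenge(HttpClient client, URI uri) throws Exception {
        HttpResponse<Void> r = client.send(HttpRequest.newBuilder(uri).GET().build(),
                HttpResponse.BodyHandlers.discarding());
        if (r.statusCode() != 401) return "expected 401, got " + r.statusCode();
        String h = r.headers().firstValue("WWW-Authenticate").orElse("");
        return h.regionMatches(true, 0, "Basic ", 0, 6) ? null : "401 without a Basic challenge: " + h;
    }

    // Status code returned when the same request carries an Authorization: Basic header.
    static int statusWithCredentials(HttpClient client, URI uri, String user, String pass) throws Exception {
        String token = Base64.getEncoder().encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        HttpRequest req = HttpRequest.newBuilder(uri).header("Authorization", "Basic " + token).GET().build();
        return client.send(req, HttpResponse.BodyHandlers.discarding()).statusCode();
    }

    public static void main(String[] args) throws Exception {
        // Stand-in server constructed for this example (not Spring): JDK HttpServer protected by Basic auth.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", ex -> { ex.sendResponseHeaders(204, -1); ex.close(); })
              .setAuthenticator(new BasicAuthenticator("My Realm") {
                  @Override public boolean checkCredentials(String u, String p) {
                      return "tester".equals(u) && "passwd".equals(p);
                  }
              });
        server.start();
        try {
            URI uri = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/");
            HttpClient client = HttpClient.newHttpClient();
            String problem = checkChallenge(client, uri);
            System.out.println(problem == null ? "challenge OK" : "FAIL: " + problem);
            System.out.println("with credentials: " + statusWithCredentials(client, uri, "tester", "passwd"));
        } finally {
            server.stop(0);
        }
    }
}
```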