Spring security - Custom AuthenticationProvider not working

I'm struggling with the problem from the title for few days already and I'm pretty frustrated. I have no idea what I'm doing wrong and why my implementation isn't working.

Let me show you what I've got:

Custom AuthenticationProvider:

@Component
public class AuthProvider implements AuthenticationProvider {

    private Logger logger = LoggerFactory.getLogger(AuthProvider.class);

    public AuthProvider() {
        logger.info("Building...");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.info("Authenticate...");
        return null;
    }

    public boolean supports(Class<?> authentication) {
        logger.info("Supports...");
        return true;
    }
}

WebSecurity config:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthProvider authProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated();
    }
}

As you can see I've added loggers into the AuthenticationProvider but not any of them is getting called.

What I've tried:

adding @Autowired to configure where the AuthenticationManagerBuilder is
adding @EnableGlobalMethodSecurity(prePostEnabled=true) to the class
adding custom AuthenticationProvider directly to HttpSecurity

How I've tested it:

debugging via IntelliJ - no results, no breakpoint is getting called.
running the app and sending a request - also no results, no logs, nothing.

Please guys help me somehow. I'm outta energy. I hate wasting so much time on things that should just work :(

What should I use instead of WebSecurityConfigurerAdapter?

You need to declare SecurityFilterChain and WebSecurityCustomizer beans instead of overriding methods of WebSecurityConfigurerAdapter class.

How do I bypass WebSecurityConfigurerAdapter?

Step 1: Add the security jar or dependency in your application. Step 2: Create a security config class and extend the WebSecurityConfigurerAdapter class. Step 3: Add the annotation @EnableWebSecurity on top of the class. Step 4: For authentication, override the method configure(AuthenticationManagerBuilder auth) .

Probably you missed the following method in your WebSecurityConfigurerAdapter:

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

The same happened to me.

Spring security - Custom AuthenticationProvider not working - Java Config

Tags:

java

security

authentication

spring

spring-security

sarneeh

People also ask

1 Answers

Julio Villane

Recent Activity

Donate For Us