Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring security - Custom AuthenticationProvider not working - Java Config

I'm struggling with the problem from the title for few days already and I'm pretty frustrated. I have no idea what I'm doing wrong and why my implementation isn't working.

Let me show you what I've got:

Custom AuthenticationProvider:

@Component
public class AuthProvider implements AuthenticationProvider {

    private Logger logger = LoggerFactory.getLogger(AuthProvider.class);

    public AuthProvider() {
        logger.info("Building...");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.info("Authenticate...");
        return null;
    }

    public boolean supports(Class<?> authentication) {
        logger.info("Supports...");
        return true;
    }
}

WebSecurity config:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthProvider authProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated();
    }
}

As you can see I've added loggers into the AuthenticationProvider but not any of them is getting called.

What I've tried:

  • adding @Autowired to configure where the AuthenticationManagerBuilder is
  • adding @EnableGlobalMethodSecurity(prePostEnabled=true) to the class
  • adding custom AuthenticationProvider directly to HttpSecurity

How I've tested it:

  • debugging via IntelliJ - no results, no breakpoint is getting called.
  • running the app and sending a request - also no results, no logs, nothing.

Please guys help me somehow. I'm outta energy. I hate wasting so much time on things that should just work :(

like image 892
sarneeh Avatar asked Sep 01 '16 20:09

sarneeh


People also ask

What should I use instead of WebSecurityConfigurerAdapter?

You need to declare SecurityFilterChain and WebSecurityCustomizer beans instead of overriding methods of WebSecurityConfigurerAdapter class.

How do I bypass WebSecurityConfigurerAdapter?

Step 1: Add the security jar or dependency in your application. Step 2: Create a security config class and extend the WebSecurityConfigurerAdapter class. Step 3: Add the annotation @EnableWebSecurity on top of the class. Step 4: For authentication, override the method configure(AuthenticationManagerBuilder auth) .


1 Answers

Probably you missed the following method in your WebSecurityConfigurerAdapter:

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

The same happened to me.

like image 118
Julio Villane Avatar answered Oct 08 '22 01:10

Julio Villane