logo
down
shadow

401 on URL authentication with Spring boot & Spring security


401 on URL authentication with Spring boot & Spring security

By : Dinia
Date : November 20 2020, 03:01 PM
Hope that helps Spring Security's Basic Authentication requires that the username:password be a Base64 encoded string in the header.
code :
Base64.encode("username:password");


Share : facebook icon twitter icon
Spring boot using Spring Security authentication failure when using SpringPlainTextPasswordValidationCallbackHandler in

Spring boot using Spring Security authentication failure when using SpringPlainTextPasswordValidationCallbackHandler in


By : user3754431
Date : March 29 2020, 07:55 AM
With these it helps Ok I figured this out so though I would post for anyone trying this in the future.
I resolved this problem by changing my spring boot class to:
code :
@SpringBootApplication
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SwitchxApplication extends WebMvcConfigurerAdapter {

    @SuppressWarnings("unused")
    private static final Logger log = LoggerFactory.getLogger(SwitchxApplication.class);

    @Bean
    public ApplicationSecurity applicationSecurity() {
        return new ApplicationSecurity();
    }

    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE)
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {              

        @Bean
        @ConfigurationProperties(prefix="ldap.contextSource")
        public LdapContextSource contextSource() {
            LdapContextSource contextSource = new LdapContextSource();
            return contextSource;
        }

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    .userSearchBase("cn=Users,dc=Blah,dc=co,dc=za")
                    .userSearchFilter("(uid={0})")
                    .groupSearchBase("cn=Groups,dc=Blah,dc=co,dc=za")
                    .groupSearchFilter("(&(cn=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))")
                    .contextSource(contextSource());
        }
    }

@Order(Ordered.LOWEST_PRECEDENCE - 8)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {       

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
            .antMatchers("/ws/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .csrf().disable()
        .httpBasic();
    }       
}

    public static void main(String[] args) {
        SpringApplication.run(SwitchxApplication.class, args);
    }
}
@EnableWs
@Configuration  
public class WebServiceConfig extends WsConfigurerAdapter {

    private static final Logger log = LoggerFactory.getLogger(WebServiceConfig.class);

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public ServletRegistrationBean messageDispatcherServlet(ApplicationContext applicationContext) {
        MessageDispatcherServlet servlet = new MessageDispatcherServlet();
        servlet.setApplicationContext(applicationContext);
        servlet.setTransformWsdlLocations(true);
        return new ServletRegistrationBean(servlet, "/ws/*");
    }

    .....
    .....

    @Bean
    public SpringPlainTextPasswordValidationCallbackHandler callbackHandler() {
        SpringPlainTextPasswordValidationCallbackHandler callbackHandler = new SpringPlainTextPasswordValidationCallbackHandler();
        try { 
            callbackHandler.setAuthenticationManager(authenticationManager);
        } catch(Exception e) {
            log.error(e.getMessage());
        }
        return callbackHandler;
    }

    @Bean
    public XwsSecurityInterceptor securityInterceptor() {

        XwsSecurityInterceptor securityInterceptor = new XwsSecurityInterceptor();
        securityInterceptor.setCallbackHandler(callbackHandler());
        securityInterceptor.setPolicyConfiguration(new ClassPathResource("securityPolicy.xml"));
        return securityInterceptor;
    }

    @Override
    public void addInterceptors(List<EndpointInterceptor> interceptors) {
        interceptors.add(securityInterceptor());
    }
}
how to achieve Ldap Authentication using spring security(spring boot)

how to achieve Ldap Authentication using spring security(spring boot)


By : Gaurav Bahl
Date : March 29 2020, 07:55 AM
To fix this issue First of all, I think your HttpSecurity config is wrong. You want to protect ALL the endpoints. Don't you?
So change it to the following:
code :
http.httpBasic()
        .and()
        .authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()
        .csrf()
        .csrfTokenRepository(csrfTokenRepository())
        .and()
        .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
auth.ldapAuthentication()
        .userSearchFilter("uid={0}")
        .contextSource()
        .url("ldap://192.168.11.11:1234/dc=intern,dc=xyz,dc=com");
auth.inMemoryAuthentication().withUser("user").password("password").authorities("ROLE_USER");
Spring Boot REST API/Spring Security: Return custom message when authentication fails

Spring Boot REST API/Spring Security: Return custom message when authentication fails


By : Suriya prakash
Date : March 29 2020, 07:55 AM
it helps some times WebSecurityConfigurerAdapter appraoch
The HttpSecurity class has a method called exceptionHandling which can be used to override the default behavior. The following sample presents how the response message can be customized.
code :
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // your custom configuration goes here
        .exceptionHandling()
        .authenticationEntryPoint((request, response, e) -> {
            String json = String.format("{\"message\": \"%s\"}", e.getMessage());
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write(json);                
        });
}
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;

@ControllerAdvice
public class AuthExceptionHandler {

    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    @ExceptionHandler(AuthenticationException.class)
    @ResponseBody
    public String handleAuthenticationException(AuthenticationException e) {
        return String.format("{\"message\": \"%s\"}", e.getMessage());
    }

}
Spring Security with Spring Boot: Mix Basic Authentication with JWT token authentication

Spring Security with Spring Boot: Mix Basic Authentication with JWT token authentication


By : Eddie
Date : March 29 2020, 07:55 AM
wish of those help The reason why is because neither ApiWebSecurityConfigurationAdapter nor FormLoginWebSecurityConfig uses the antMatcher(). This means that both security configurations will handle all paths, even though you're using antMatchers() afterwards. Due to this, the configuration with the lowest order (@Order(1)) will handle everything, while the other one will do nothing.
This is also mentioned in the docs:
code :
@Override
protected void configure(HttpSecurity http) throws Exception {          
    http
        .antMatcher("/console/**") // Add this
        .httpBasic().and()
        .exceptionHandling().authenticationEntryPoint(consoleAuthenticationEntryPoint).and()
        .authorizeRequests().antMatchers("/console/**").authenticated()
        .antMatchers(HttpMethod.GET,
                "/*.html",
                "/favicon.ico",
                "/**/*.html",
                "/**/*.css",
                "/**/*.js").permitAll()
        .anyRequest().authenticated().and()
        .formLogin().defaultSuccessUrl("/console/home")
        .loginPage("/console/login").permitAll().and()
        .logout().permitAll().and() // Make sure to use .and() to add the .csrf()
        .csrf().disable();
}
Spring security authentication without spring boot doesn't work as opposed to with spring boot and similar configuration

Spring security authentication without spring boot doesn't work as opposed to with spring boot and similar configuration


By : Pedro Marinho
Date : March 29 2020, 07:55 AM
wish of those help The answer is that Spring Boot is simple, Spring itself not so much. My SecurityConfig class was not registered with the WAR. So in order to do this, in the same package as SecurityConfig I had to create 3 classes.
This:
code :
import org.springframework.security.web.context.*;

public class MessageSecurityWebApplicationInitializer
      extends AbstractSecurityWebApplicationInitializer {
}
@Configuration
@ComponentScan
public class RootConfiguration {
}
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { RootConfiguration.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }
}
Related Posts Related Posts :
  • resteasy ContainerRequestFilter didn't work in springboot
  • Spring boot RestTemplate - multipart/mixed
  • spring boot security dao authentication - authorities removed
  • @Profile Spring Annotation in Camel
  • Use joinfaces with war in wildfly 10
  • How to start a springboot project with wildfly10
  • Spring Boot + Batch : Injected/Autowired beans are null in ItemReader
  • MSIS0037: No signature verification certificate found for issuer
  • Spring kafka transaction id is wrong at start?
  • Springboot cloud Stream with Kafka
  • 400 BAD Request error on HttpMethod.PUT - File upload second time
  • @IfProfileValue not working with JUnit 5 SpringExtension
  • Unable to run Spring Boot simple REST service
  • Hazelcast cluster not available on Eureka
  • Flyway: How to replace deprecated SpringJdbcMigration without getting "FlywayException: Validate failed"?
  • Micrornaut. Logger configuration for an environment
  • shadow
    Privacy Policy - Terms - Contact Us © voile276.org