Is there a way to configure basic authentication and log in for the same REST service? I would like the logged in user to run this service both through a web browser after logging in and from the command line running curl -u username:password hostname.com/api/process Now I saw this post: Basic and formal authentication using Spring Security Javaconfig but it is a little different from what I'm trying to do. Is there any way to set this using spring? Now I have the following:
package com.my.company.my.app.security; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.provisioning.JdbcUserDetailsManager; import javax.sql.DataSource; @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired DataSource dataSource; private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SecurityConfig.class); @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/js/**", "/css/**") .permitAll(); http .authorizeRequests() .antMatchers("/api/**") .authenticated() .and() .httpBasic(); http .authorizeRequests() .antMatchers("/","/index") .authenticated() .and() .formLogin() .loginPage("/login") .loginProcessingUrl("/j_spring_security_check") .defaultSuccessUrl("/monitor") .failureUrl("/login?error") .usernameParameter("j_username") .passwordParameter("j_password") .permitAll() .and() .logout() .logoutUrl("/j_spring_security_logout") .logoutSuccessUrl("/login?logout") .permitAll() .and() .csrf() .disable(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.jdbcAuthentication().dataSource(dataSource) .passwordEncoder(passwordEncoder()) .usersByUsernameQuery("SELECT username, password, enabled FROM users WHERE username=?") .authoritiesByUsernameQuery("SELECT username, authority FROM authorities WHERE username=?"); } @Bean public PasswordEncoder passwordEncoder() { PasswordEncoder encoder = new BCryptPasswordEncoder(); return encoder; } }
The only problem is that it does not redirect to my login page when hostname.com/index or hostname.com/ called and windows pop up asking for basic credentials.
spring authentication spring-security
Sok pomaranczowy
source share