Basic Auth + oAuth Implementation in Spring Boot

Question

I am trying to implement Basic Auth + oAuth2 in springboot, means some url should work like traditional way after login to system, and some should work on AOuth2.

Li

Answer 1

If you need different security setups for different parts of your application, you need to create separate Spring Security @Configuration-s, where each one will configure just one authentication mechanism. Each configuration should specify the URIs it covers and the configurations need to be @Order-ed. The configuration without the @Order annotation is considered the last - the fallback. It's described in the Spring Security reference manual.

So you will need three configurations:

1. One for the http.antMatcher("/superAdmin/**")... with @Order(1).
2. One for the API http.antMatcher("/api/vi/**")... with @Order(2).
3. A fallback config without authentication for other resources, without the @Order annotation specified.