Spring boot basic authentication

Question

I\'m using spring boot security to help me to make authentication...

    org.springframework.boot
    

        

Answer 1

You need to permit access to the login endpoint (at least). E.g.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login", "/error").permitAll()
            .antMatchers("/**").authenticated().and().exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
}

If I were you I would remove the @EnableWebSecurity (and let Spring Boot do it's job) as well. And then in the login endpoint you need to set the security context, e.g.

@PostMapping
public void authenticate(@RequestParam Map map,
        HttpServletRequest request, HttpServletResponse response) throws Exception {
    Authentication result = authService.authenticate(map.get("username"), map.get("password"));
    SecurityContextHolder.getContext().setAuthentication(result);
    handler.onAuthenticationSuccess(request, response, result);
}

The authService should throw BadCredentialsException if the user cannot be authenticated. Here's a sample app that I used in a blog once: https://github.com/dsyer/mustache-sample/blob/7be8459173d0b65b6d44d05f86e581d358ea9b2e/src/main/java/com/example/DemoApplication.java#L177