java spring-boot authentication authorization websecurity

Authenticating without WebSecurityConfigurerAdapter


I've been following issues such as this one in order to figure out how to implement Authentication without WebSecurityConfigurerAdapter, but my code simply fails to work.

This is my SecurityConfig class:

package com.authentication.take.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

import com.authentication.take.services.CustomUserDetailsService;

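/**
 * Spring Security configuration that exposes a {@link SecurityFilterChain} bean instead of
 * extending {@code WebSecurityConfigurerAdapter}.
 *
 * <p>Everything under {@code /yolo/**} is public; every other request requires an
 * authenticated user, who signs in through the form-login page at {@code /login}.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    private final CustomUserDetailsService customUserDetailsService;
    private final AuthenticationConfiguration configuration;

    /**
     * Receives the collaborators by constructor injection.
     *
     * @param customUserDetailsService service handed to the authentication builder in
     *        {@link #configure(AuthenticationManagerBuilder)}
     * @param configuration source of the {@link AuthenticationManager} exposed as a bean
     */
    public SecurityConfig(CustomUserDetailsService customUserDetailsService,
            AuthenticationConfiguration configuration) {
        this.customUserDetailsService = customUserDetailsService;
        this.configuration = configuration;
    }

    /**
     * Supplies the encoder used to hash and verify passwords.
     *
     * <p>BCrypt replaces {@code NoOpPasswordEncoder}, which compares and stores passwords as
     * plain text, so a leak of the user store would disclose every credential directly.
     * Passwords already stored in plain text have to be re-encoded with this encoder before
     * they will match again.
     *
     * @return a BCrypt-based {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the HTTP security filter chain.
     *
     * @param http the builder provided by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http)
            throws Exception {
        http
                // NOTE(review): CSRF protection is switched off although this chain uses
                // form login. With browser sessions, state-changing requests are then
                // accepted without a CSRF token; keep it enabled unless every client is
                // a stateless, non-browser caller.
                .cors().and().csrf().disable()
                .authorizeRequests()
                .antMatchers("/yolo/**").permitAll()
                .anyRequest().authenticated()
                // A custom loginPage means the application must serve GET /login itself.
                .and().formLogin()
                .loginPage("/login").permitAll()
                .and()
                .logout().permitAll();
        return http.build();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by the injected
     * {@link AuthenticationConfiguration}.
     *
     * @return the application's authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    AuthenticationManager authenticationManager() throws Exception {
        return configuration.getAuthenticationManager();
    }

    /**
     * Registers the user-details service and the password encoder on the given builder.
     *
     * <p>NOTE(review): this method has no annotation and nothing in this class calls it, so
     * as written it is not part of the bean wiring. Presumably the user-details service and
     * encoder beans are picked up by the manager from {@link AuthenticationConfiguration}
     * instead; confirm, then either wire this method in or delete it.
     *
     * @param builder the authentication builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(customUserDetailsService).passwordEncoder(getPasswordEncoder());
    }
}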

The problem I am getting is that the /login route is being overridden somehow and cannot be found. Therefore, when I post data to /login, it isn't interpreted because there is no form in that location.


Solution

  • Just add loginProcessingUrl() to the formLogin() configuration:

    ....
     // Same chain as in the question, with an explicit login-processing URL added.
     // NOTE(review): CSRF protection is disabled here although the chain uses form login with
     // browser sessions; keep it enabled unless every client is a stateless, non-browser caller.
     http
                .cors().and().csrf().disable()
                .authorizeRequests()
                .antMatchers("/yolo/**").permitAll()
                .anyRequest().authenticated()
                .and().formLogin()
                // NOTE(review): loginPage("/login") appears to default the processing URL to the
                // same path already, and a custom loginPage means the application must serve
                // GET /login itself. Confirm against the Spring Security version in use.
                .loginPage("/login").permitAll().loginProcessingUrl("/login")// may be any other URL; this URL only accepts POST requests
                .and()
                .logout().permitAll();