I am very new to Spring Security. I am building a project which has a login/logout feature. I did the configuration as told in the tutorials, but it is still not allowing me to access directly without login. And most of the methods which I use say that they are marked as deprecated or marked for removal. I will be grateful if anyone can guide me.
I also noticed that it is not generating the default username and password for login.

    package com.example.covidsurvey.config;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.web.SecurityFilterChain;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @Configuration
    @EnableWebSecurity
    public class MyConfig {

        // Custom user lookup used by the DAO authentication provider
        @Bean
        public UserDetailsService getUserDetailServices() {
            return new UserDetailServiceImpl();
        }

        // BCrypt hashing for stored passwords
        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public DaoAuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
            daoAuthenticationProvider.setUserDetailsService(this.getUserDetailServices());
            daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
            return daoAuthenticationProvider;
        }

        @Bean
        public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
            return authenticationConfiguration.getAuthenticationManager();
        }

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
            // CSRF protection is switched off for the whole application
            httpSecurity.csrf().disable()
                    .authorizeHttpRequests()
                    // /admin/** is open to everyone, no login required
                    .requestMatchers("/admin/**").permitAll()
                    .and()
                    // /user/** is open to everyone, no login required
                    .authorizeHttpRequests().requestMatchers("/user/**").permitAll()
                    // every other URL requires an authenticated user
                    .anyRequest()
                    .authenticated()
                    .and()
                    .formLogin();
            return httpSecurity.build();
        }
    }

I'm not sure what URL you want to hit, but I believe .authenticated()
is causing Spring to want to authenticate you.
I would say to check out this response; they do a good job explaining how to enable/disable security for specific endpoints.
Hope this helps.