0

I need to have 2 implementations of AuthenticationProvider required for spring security. One is WindowsAuthenticationProvider (retrieve the user logged in windows - through waffle connector)

So I configure like this :

@Configuration
@EnableWebSecurity
public class WaffleConfig extends WebSecurityConfigurerAdapter {
@Override
    protected void configure(HttpSecurity http) throws Exception {

 http.csrf().disable()


//basic auth for rest endpoint callers
                .antMatcher("/api/**")
                .authorizeRequests()
                .antMatchers("/api/**")
                .authenticated()
                .and()
                .authenticationProvider(inMemoryAuthenticationProvider)
                .httpBasic()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

//waffle for spring mvc users (with prime faces)
                .and()
                .antMatcher("/secure/**")
                .authorizeRequests()
                .antMatchers("/secure/**").authenticated()
                .and()
                .authenticationProvider(windowsAuthProvider)
                .httpBasic()
                .authenticationEntryPoint(negotiateSecurityFilterEntryPoint)
                .and()
                .addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class);
}
}

The problem is this line :

.authenticationProvider(inMemoryAuthenticationProvider)

I just want to do like my inmemory authentication :

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

 GrantedAuthority ga = new GrantedAuthority() {
            @Override
            public String getAuthority() {
                return "eligibilite:read";
            }
        };
        GrantedAuthority gaw = new GrantedAuthority() {
            @Override
            public String getAuthority() {
                return "eligibilite:write";
            }
        };
   
        auth.inMemoryAuthentication()
                .withUser("francois")
                .password("{noop}fournel")
                .authorities(Arrays.asList(ga))
                .and()
                .withUser("francois2")
                .password("{noop}fournel2")
                .authorities(Arrays.asList(gaw));
}

For windows connection through waffle I already defined the auth provider :

 @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(windowsAuthProvider)
}

I need to define the "In memory authentication provider", but I don't know how to define and create this object.

François F.
  • 229
  • 2
  • 17
  • Does this help https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter? In-Memory Authentication section – Marcus Hert da Coregio Oct 31 '22 at 15:59
  • I'am under spring 4.0.3.RELEASE – François F. Oct 31 '22 at 16:10
  • I followed the part "5.8 Multiple HttpSecurity" at https://docs.spring.io/spring-security/site/docs/5.0.0.RC1/reference/htmlsingle/#multiple-httpsecurity And the code is Spring 4.0 compatible. But the problem is I have only one AuthenticationProvider that operates ! The basicAuth one, not the windows one. In fact, the first in the @Order is executed. – François F. Oct 31 '22 at 16:43

0 Answers0