
I have a scenario where I need to give access to the /api/* REST API when it is requested with an Okta OAuth 2.0 token. Due to some use cases, I also need to provide basic authentication, because of some limitation, for the same REST API /api/*.

Scenario 1:

A user/system will generate the Okta OAuth 2.0 token using a client ID and secret and will send that Bearer token to http://localhost:8080/api for token validation to get access.

Scenario 2:

user2/system2 will access the same REST API path, http://localhost:8080/api, using a username/password as basic auth.

The code below works fine for scenario 1, but how do I integrate both OAuth 2.0 and basic auth in the same Spring Boot security configuration project? If possible, please provide the complete working code.

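import com.okta.spring.boot.oauth.Okta;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Order(1)
    @Configuration
    public static class OauthOktaConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")
                // requestMatcher() replaces the matcher set by antMatcher() above, so
                // BearerRequestMatcher (not shown in the question) alone selects the requests.
                .requestMatcher(new BearerRequestMatcher())
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
                .sessionManagement((sessionManagement) ->
                    sessionManagement
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                );
            // Okta helper for the resource server's 401 response body.
            Okta.configureResourceServer401ResponseBody(http);
        }
    }
}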
James Z
jpa
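One way to run both scenarios side by side, as an added example that is not part of the original question: a second, lower-priority filter chain handles HTTP Basic for every /api/** request the Bearer chain does not claim. It assumes Spring Security 5.x; the body of BearerRequestMatcher, the class name BasicAuthFallbackConfig, the user name system2, the role API and the property api.basic.password-hash are all assumptions.

```java
// Added example: assumes Spring Security 5.x (javax.servlet) next to the question's @Order(1) chain.
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
public class BasicAuthFallbackConfig {

    // Assumed body for the question's BearerRequestMatcher: /api/** path AND a Bearer header.
    public static class BearerRequestMatcher implements RequestMatcher {
        private final RequestMatcher apiPath = new AntPathRequestMatcher("/api/**");
        @Override
        public boolean matches(HttpServletRequest request) {
            String header = request.getHeader("Authorization");
            return apiPath.matches(request) && header != null
                    && header.regionMatches(true, 0, "Bearer ", 0, 7);
        }
    }

    @Order(2) // consulted after the @Order(1) Bearer chain, so it only sees non-Bearer requests
    @Configuration
    public static class BasicAuthConfigurationAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")
                .authorizeRequests(authz -> authz.anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        }
    }

    // Hypothetical property holding an encoded password such as "{bcrypt}...", never plain text.
    @Bean
    public UserDetailsService basicAuthUsers(@Value("${api.basic.password-hash}") String hash) {
        return new InMemoryUserDetailsManager(
                User.withUsername("system2").password(hash).roles("API").build());
    }
}
```

CSRF protection is left at its default in the Basic chain, so state-changing requests over Basic auth need a CSRF token unless that setting is changed deliberately.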

0 Answers