21

How can I define a custom Authentication provider by using Spring Security with Java Configurations? I would like to perform a login checking credentials on my own database.

Improve this question
1
  • spring security documentations gives you all the info you need - how to configure your configuration' XML and endpoints. in addition, you will have to support flows like "create account", "forgot password", etc, which you can use this open source: github.com/OhadR/oAuth2-sample/tree/master/authentication-flows Commented Mar 24, 2014 at 10:37

2 Answers 2

Reset to default
45

The following does what you need (CustomAuthenticationProvider is your implementation which needs to be managed by Spring)

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * Do your stuff here
         */
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Is it possible to register a custom authentication provider in addition to the existing ones?
@Seppl I dont think that something like that exists out of the box (although I could easily be mistaked), but I'm pretty sure that something like that could be implemented relatively easily. Check out this
According to the Spring Docu, auth.authenticationProvider() will "Add authentication based upon the custom AuthenticationProvider that is passed in." I'd guess that you get a stack of providers in this way.
8

As shown on baeldung.com, define your authentication provider as follow:

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) 
      throws AuthenticationException {

        String name = authentication.getName();
        String password = authentication.getCredentials().toString();

        if (shouldAuthenticateAgainstThirdPartySystem(username, password)) {

            // use the credentials
            // and authenticate against the third-party system
            return new UsernamePasswordAuthenticationToken(
              name, password, new ArrayList<>());
        } else {
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(
          UsernamePasswordAuthenticationToken.class);
    }
}

and following code is corresponding java config:

@Configuration
@EnableWebSecurity
@ComponentScan("org.project.security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider authProvider;

    @Override
    protected void configure(
      AuthenticationManagerBuilder auth) throws Exception {

        auth.authenticationProvider(authProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}
Improve this answer

1 Comment

You just copied that straight from baeldung.com/spring-security-authentication-provider . While the answer is certainly helpful, attributing sources is necessary as well.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.