11

I'm struggling with the problem from the title for few days already and I'm pretty frustrated. I have no idea what I'm doing wrong and why my implementation isn't working.

Let me show you what I've got:

Custom AuthenticationProvider:

@Component
public class AuthProvider implements AuthenticationProvider {

    private Logger logger = LoggerFactory.getLogger(AuthProvider.class);

    public AuthProvider() {
        logger.info("Building...");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.info("Authenticate...");
        return null;
    }

    public boolean supports(Class<?> authentication) {
        logger.info("Supports...");
        return true;
    }
}

WebSecurity config:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthProvider authProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated();
    }
}

As you can see I've added loggers into the AuthenticationProvider but not any of them is getting called.

What I've tried:

  • adding @Autowired to configure where the AuthenticationManagerBuilder is
  • adding @EnableGlobalMethodSecurity(prePostEnabled=true) to the class
  • adding custom AuthenticationProvider directly to HttpSecurity

How I've tested it:

  • debugging via IntelliJ - no results, no breakpoint is getting called.
  • running the app and sending a request - also no results, no logs, nothing.

Please guys help me somehow. I'm outta energy. I hate wasting so much time on things that should just work :(

Improve this question
7
  • @dur Is this information necessary in case of this problem? I don't have any authentication right now, that's why I wanted to create my own AuthProvider. I'm planning to authenticate JWT. Commented Sep 2, 2016 at 9:04
  • @dur 403 Forbidden. Commented Sep 2, 2016 at 9:38
  • @dur http.authorizeRequests().anyRequest().authenticated(); isn't making it to authenticate all requests? I think that I don't understand it properly :D Commented Sep 2, 2016 at 13:15
  • 1
    That's the reason, why you get a 403. If you use permitAll you will get a 200 with anonymous user, too. Before you write your own AuthenticationProvider, you should learn the core concepts of Spring Security, please read Spring Security Reference. Commented Sep 2, 2016 at 13:31
  • That sounds reasonable. Thanks anyways for pointing this out and sorry for taking Your time! I thought that I understand this properly :) Commented Sep 2, 2016 at 15:04

2 Answers 2

Reset to default
8

Probably you missed the following method in your WebSecurityConfigurerAdapter:

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

The same happened to me.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Using the isAssignableFrom() method instead of instead of == or equals we get a true, then the flow would pass through authenticate()

override fun supports(authentication: Class<*>): Boolean {
    return UsernamePasswordAuthenticationToken::class.java.isAssignableFrom(authentication)
}

GL

Source

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.