Java Community | Help. Code. Learn.•12mo ago

How to define 3 authentication ways config - httpBasic, userDetailsService, JsonLoginFilter()

I'm creating an app where a user can authenticate using three ways httpBasic, userDetailsService, JsonLoginFilter().
A user should be authenticated using Spring's default

/login

/login

path. But the type is one of three:
httpBasic:
There must be 2 users in memory database for testing. Simple user with user role and admin user with its role.

userDetailsService:
User and Role entities are read or saved to MySQL database. Authentication is possible when using

UserDetailsService

UserDetailsService

implementation bean.

JsonLoginFilter():
A user sends a request body but not as

x-www-form-urlencoded

x-www-form-urlencoded

form-data

form-data

. The body is raw JSON consisting of a pair <key>: <value> entries. Username and password. And

JsonLoginFilter()

JsonLoginFilter()

is the filter that intercepts it.

This is my configuration:

JavaBot•1/16/25, 6:28 PM

⌛

⌛

This post has been reserved for your question.

Hey @Tomasm21! Please use
/close
/close
or the
Close Post
Close Post
button above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically marked as dormant after 300 minutes of inactivity.

TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.

Tomasm21OP•1/16/25, 6:30 PM

It executes well but in console I get:

Tomasm21OP•1/16/25, 6:36 PM

console1.txt1.6KB

Tomasm21OP•1/16/25, 6:37 PM

Problem:

and

Tomasm21OP•1/16/25, 6:38 PM

As a result I can't authenticate in either way. I get an exception:

Tomasm21OP•1/16/25, 6:39 PM

console2.txt12.21KB

Tomasm21OP•1/16/25, 6:42 PM

I want to have all three ways to authenticate. Did I defined it wrong in my ?
How should it be defined? Why Spring doesn't accept my changed with two providers that each provides different way to authenticate? One for in memory db and another using real MySql db.

Tomasm21OP•1/16/25, 6:44 PM

JsonLoginFilter():

red•1/16/25, 6:54 PM

Try to create two AuthenticationProvider, one for each UserDetailsService and then register both of them with @Bean

red•1/16/25, 6:55 PM

I think that this way you can separate the two forms of login and still delegate the management of beans to Spring Security as it should be.

red•1/16/25, 6:56 PM

Or something like that

red•1/16/25, 6:58 PM

Name the beans and then use @Qualifier to specify which authenticationProvider you want to inject

Tomasm21OP•1/16/25, 7:01 PM

But would it mean that if I will qualify the bean and then in postman I will try to autheticate using Basic Auth then what happens next? Due to qualifiers it will always try to athenticate me using instead of the . And perhaps I won't be able to auntheticate.

Tomasm21OP•1/16/25, 7:02 PM

There should be a way.

Tomasm21OP•1/16/25, 7:02 PM

These problems are not new.

TTomasm21 But would it mean that if I will qualify the `databaseProvider` bean and then in...

red•1/16/25, 7:05 PM

Yes, indeed. But you can get around this by creating two SecurityFilterChain and specifying which authenticationProvider to use.

Tomasm21OP•1/16/25, 7:05 PM

Ok I will try

red•1/16/25, 7:18 PM

The problem with this approach that I mentioned is that it is not possible for the same route to be accessed by more than one form of authentication. For more flexibility, you also should create a filter that processes the user credentials, creates an Authentication object and then based on the obtained data, delegate the authentication to an AuthenticationProvider

red•1/16/25, 7:19 PM

But maybe this might not be a problem in your case

JavaBot•1/17/25, 12:30 AM

💤

💤

Post marked as dormant

This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use
/help ping
/help ping
.
Warning: abusing this will result in moderative actions taken against you.