Spring Boot Oath Multiple Token Authentication PathWays












0















I currently have Spring Boot OAuth2 working for token authentication on my website. I need to create an additional way of logging in. The only way I've managed to get it working so far has been to provide a second AuthenticationProvider and have spring run through both providers each time a user attempts to login through either login methods. Ideally, I don't want to do it this way. Here are some things I would like to do instead:




  1. I have a custom AuthenticationManager. I would pass in a Authentication.details() parameter specifying which pathway I would like to use. I would read this in AuthenticationManager and call the corresponding AuthenticationProvider.

  2. I'm currently calling the /oath/token endpoint. Maybe I can create another default spring endpoint with its own AuthenticationProvider.

  3. Create my own endpoint in my controller and do my token Authentication manually.


Here is the code I have so far:



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {





@Autowired

private UserInfoDao userInfoDao; // Existing Dao



@Autowired

private AccessTokenAuthenticationProvider accessTokenAuthenticationProvider; // My new AuthenticationProvider



// Currently runs through both these providers

@Autowired

protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.userDetailsService(userDetailsServiceFacade()).passwordEncoder(passwordEncoder()); // Existing

    auth.authenticationProvider(accessTokenAuthenticationProvider); // New

}





@Bean

UserDetailsService UserDetailsService() {

    return new UserDetailsService(userInfoDao, passwordEncoder());

}



@Bean

UserDetailsServiceFacade userDetailsServiceFacade() {

    return new UserDetailsServiceFacade(UserDetailsService());

}



@Bean

public FailedLoginAuthenticationManagerDecorator authDecorator() throws Exception {

    return new FailedLoginAuthenticationManagerDecorator(authenticationManagerBean(), UserDetailsService());

}



@Override

public AuthenticationManager authenticationManagerBean() throws Exception {

    return super.authenticationManagerBean();

}



@Bean

public PasswordEncoder passwordEncoder() {

    return new BCryptPasswordEncoder(12);

}





@Override

public void configure(HttpSecurity http) throws Exception{

    http.csrf().disable();

    // setup security

    http.authorizeRequests()

        .anyRequest()

        .fullyAuthenticated()

        .and().httpBasic();

}



@Configuration

@EnableResourceServer // Activates OAuth2 based authentication/authorization for the "user" resource

protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {



    @Override

    public void configure(HttpSecurity http) throws Exception {

        http.csrf().disable();

        // all endpoints not exempted from security, require caller to be authenticated:

        http.authorizeRequests()

            .antMatchers("/**/user/authenticated").permitAll()

            .anyRequest().authenticated();

    }

}


}






java spring spring-boot







share|improve this question



























    0















    I currently have Spring Boot OAuth2 working for token authentication on my website. I need to create an additional way of logging in. The only way I've managed to get it working so far has been to provide a second AuthenticationProvider and have spring run through both providers each time a user attempts to login through either login methods. Ideally, I don't want to do it this way. Here are some things I would like to do instead:




    1. I have a custom AuthenticationManager. I would pass in a Authentication.details() parameter specifying which pathway I would like to use. I would read this in AuthenticationManager and call the corresponding AuthenticationProvider.

    2. I'm currently calling the /oath/token endpoint. Maybe I can create another default spring endpoint with its own AuthenticationProvider.

    3. Create my own endpoint in my controller and do my token Authentication manually.


    Here is the code I have so far:



    @Configuration
    
@EnableWebSecurity
    
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    

    

    
@Autowired
    
private UserInfoDao userInfoDao; // Existing Dao
    

    
@Autowired
    
private AccessTokenAuthenticationProvider accessTokenAuthenticationProvider; // My new AuthenticationProvider
    

    
// Currently runs through both these providers
    
@Autowired
    
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    
    auth.userDetailsService(userDetailsServiceFacade()).passwordEncoder(passwordEncoder()); // Existing
    
    auth.authenticationProvider(accessTokenAuthenticationProvider); // New
    
}
    

    

    
@Bean
    
UserDetailsService UserDetailsService() {
    
    return new UserDetailsService(userInfoDao, passwordEncoder());
    
}
    

    
@Bean
    
UserDetailsServiceFacade userDetailsServiceFacade() {
    
    return new UserDetailsServiceFacade(UserDetailsService());
    
}
    

    
@Bean
    
public FailedLoginAuthenticationManagerDecorator authDecorator() throws Exception {
    
    return new FailedLoginAuthenticationManagerDecorator(authenticationManagerBean(), UserDetailsService());
    
}
    

    
@Override
    
public AuthenticationManager authenticationManagerBean() throws Exception {
    
    return super.authenticationManagerBean();
    
}
    

    
@Bean
    
public PasswordEncoder passwordEncoder() {
    
    return new BCryptPasswordEncoder(12);
    
}
    

    

    
@Override
    
public void configure(HttpSecurity http) throws Exception{
    
    http.csrf().disable();
    
    // setup security
    
    http.authorizeRequests()
    
        .anyRequest()
    
        .fullyAuthenticated()
    
        .and().httpBasic();
    
}
    

    
@Configuration
    
@EnableResourceServer // Activates OAuth2 based authentication/authorization for the "user" resource
    
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    

    
    @Override
    
    public void configure(HttpSecurity http) throws Exception {
    
        http.csrf().disable();
    
        // all endpoints not exempted from security, require caller to be authenticated:
    
        http.authorizeRequests()
    
            .antMatchers("/**/user/authenticated").permitAll()
    
            .anyRequest().authenticated();
    
    }
    
}


    }






    java spring spring-boot







    share|improve this question

























      0












      0








      0








      I currently have Spring Boot OAuth2 working for token authentication on my website. I need to create an additional way of logging in. The only way I've managed to get it working so far has been to provide a second AuthenticationProvider and have spring run through both providers each time a user attempts to login through either login methods. Ideally, I don't want to do it this way. Here are some things I would like to do instead:




      1. I have a custom AuthenticationManager. I would pass in a Authentication.details() parameter specifying which pathway I would like to use. I would read this in AuthenticationManager and call the corresponding AuthenticationProvider.

      2. I'm currently calling the /oath/token endpoint. Maybe I can create another default spring endpoint with its own AuthenticationProvider.

      3. Create my own endpoint in my controller and do my token Authentication manually.


      Here is the code I have so far:



      @Configuration
      
@EnableWebSecurity
      
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
      
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      

      

      
@Autowired
      
private UserInfoDao userInfoDao; // Existing Dao
      

      
@Autowired
      
private AccessTokenAuthenticationProvider accessTokenAuthenticationProvider; // My new AuthenticationProvider
      

      
// Currently runs through both these providers
      
@Autowired
      
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      
    auth.userDetailsService(userDetailsServiceFacade()).passwordEncoder(passwordEncoder()); // Existing
      
    auth.authenticationProvider(accessTokenAuthenticationProvider); // New
      
}
      

      

      
@Bean
      
UserDetailsService UserDetailsService() {
      
    return new UserDetailsService(userInfoDao, passwordEncoder());
      
}
      

      
@Bean
      
UserDetailsServiceFacade userDetailsServiceFacade() {
      
    return new UserDetailsServiceFacade(UserDetailsService());
      
}
      

      
@Bean
      
public FailedLoginAuthenticationManagerDecorator authDecorator() throws Exception {
      
    return new FailedLoginAuthenticationManagerDecorator(authenticationManagerBean(), UserDetailsService());
      
}
      

      
@Override
      
public AuthenticationManager authenticationManagerBean() throws Exception {
      
    return super.authenticationManagerBean();
      
}
      

      
@Bean
      
public PasswordEncoder passwordEncoder() {
      
    return new BCryptPasswordEncoder(12);
      
}
      

      

      
@Override
      
public void configure(HttpSecurity http) throws Exception{
      
    http.csrf().disable();
      
    // setup security
      
    http.authorizeRequests()
      
        .anyRequest()
      
        .fullyAuthenticated()
      
        .and().httpBasic();
      
}
      

      
@Configuration
      
@EnableResourceServer // Activates OAuth2 based authentication/authorization for the "user" resource
      
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
      

      
    @Override
      
    public void configure(HttpSecurity http) throws Exception {
      
        http.csrf().disable();
      
        // all endpoints not exempted from security, require caller to be authenticated:
      
        http.authorizeRequests()
      
            .antMatchers("/**/user/authenticated").permitAll()
      
            .anyRequest().authenticated();
      
    }
      
}


      }






      java spring spring-boot







      share|improve this question














      I currently have Spring Boot OAuth2 working for token authentication on my website. I need to create an additional way of logging in. The only way I've managed to get it working so far has been to provide a second AuthenticationProvider and have spring run through both providers each time a user attempts to login through either login methods. Ideally, I don't want to do it this way. Here are some things I would like to do instead:




      1. I have a custom AuthenticationManager. I would pass in a Authentication.details() parameter specifying which pathway I would like to use. I would read this in AuthenticationManager and call the corresponding AuthenticationProvider.

      2. I'm currently calling the /oath/token endpoint. Maybe I can create another default spring endpoint with its own AuthenticationProvider.

      3. Create my own endpoint in my controller and do my token Authentication manually.


      Here is the code I have so far:



      @Configuration
      
@EnableWebSecurity
      
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
      
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
      

      

      
@Autowired
      
private UserInfoDao userInfoDao; // Existing Dao
      

      
@Autowired
      
private AccessTokenAuthenticationProvider accessTokenAuthenticationProvider; // My new AuthenticationProvider
      

      
// Currently runs through both these providers
      
@Autowired
      
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      
    auth.userDetailsService(userDetailsServiceFacade()).passwordEncoder(passwordEncoder()); // Existing
      
    auth.authenticationProvider(accessTokenAuthenticationProvider); // New
      
}
      

      

      
@Bean
      
UserDetailsService UserDetailsService() {
      
    return new UserDetailsService(userInfoDao, passwordEncoder());
      
}
      

      
@Bean
      
UserDetailsServiceFacade userDetailsServiceFacade() {
      
    return new UserDetailsServiceFacade(UserDetailsService());
      
}
      

      
@Bean
      
public FailedLoginAuthenticationManagerDecorator authDecorator() throws Exception {
      
    return new FailedLoginAuthenticationManagerDecorator(authenticationManagerBean(), UserDetailsService());
      
}
      

      
@Override
      
public AuthenticationManager authenticationManagerBean() throws Exception {
      
    return super.authenticationManagerBean();
      
}
      

      
@Bean
      
public PasswordEncoder passwordEncoder() {
      
    return new BCryptPasswordEncoder(12);
      
}
      

      

      
@Override
      
public void configure(HttpSecurity http) throws Exception{
      
    http.csrf().disable();
      
    // setup security
      
    http.authorizeRequests()
      
        .anyRequest()
      
        .fullyAuthenticated()
      
        .and().httpBasic();
      
}
      

      
@Configuration
      
@EnableResourceServer // Activates OAuth2 based authentication/authorization for the "user" resource
      
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
      

      
    @Override
      
    public void configure(HttpSecurity http) throws Exception {
      
        http.csrf().disable();
      
        // all endpoints not exempted from security, require caller to be authenticated:
      
        http.authorizeRequests()
      
            .antMatchers("/**/user/authenticated").permitAll()
      
            .anyRequest().authenticated();
      
    }
      
}


      }






      java spring spring-boot




      java spring spring-boot






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 20 '18 at 17:12









      persiaprincepersiaprince

      429




      429
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53398132%2fspring-boot-oath-multiple-token-authentication-pathways%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53398132%2fspring-boot-oath-multiple-token-authentication-pathways%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          MongoDB - Not Authorized To Execute Command

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
          Read more

          How to fix TextFormField cause rebuild widget in Flutter

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
          Read more

          Npm cannot find a required file even through it is in the searched directory

          Image
          up vote 0 down vote favorite I got that error: users-Air:pdfuploader user$ npm run start client@0.1.0 start /Users/user/Documents/pdfuploader react-scripts start Could not find a required file. Name: index.html Searched in: /Users/user/Documents/pdfuploader/public npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! client@0.1.0 start: `react-scripts start` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the client@0.1.0 start script. npm ERR! This is probably not a problem with npm. There is likely additional logging output above. npm ERR! A complete log of this run can be found in: npm ERR! /Users/user/.npm/_logs/2018-11-19T10_19_14_555Z-debug.log users-Air:pdfuploader user$ And the file is in /Users/user/Documents/pdfuploader/public as you can see in my github repository: https://github.c...
          Read more