bilal bilal bilal bilal - 4 years ago 783
Java Question

Spring Security Rest Basic authentication

I'm working with Spring security 4 XML based configuration.

This is my configuration :

<security:http use-expressions="true" authentication-manager-ref="authenticationManager" entry-point-ref="authenticationEntryPoint">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<security:form-login authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"
/>
<security:logout success-handler-ref="logoutSuccessHandler"/>
<security:csrf disabled="true"/>
</security:http>

<security:authentication-manager id="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="username" authorities="ROLE_USER" password="password"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>

<bean id="authenticationEntryPoint" class="package.CustomBasicAuthenticationEntryPoint">


The
authenticationEntryPoint
has the following implementation :

public class CustomBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {

@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {

response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}


The problem is when I try to authenticate :

http://localhost:8080/myApp/api/j_spring_security_check
with body :
j_password=password&j_username=username


I have always a 401 error status because of my custom entry point. It seems to me that spring security is not calling the authentication-manager. Do I miss something ?

Thanks for helping.

Update

Thanks for your answers, I've been working with Spring Security 3.2, I changed j_username, j_password and j_spring_security_check to username, password and login. I still have the same problem : 401 code status : Spring Security is calling the custom authenticationEntryPoint even when I try to authenticate using a form (POST).

Answer Source

In my web.xml file, the url-pattern for Spring Security filterchain is : /api/*

I had to add the same url-pattern to the login-processing-url : "/api/" in my configuration file (login-form) to make it work :

login-processing-url="/api/login" 

Thanks for your answers.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download