Spring Security – Customize Authentication Provider

In the article, JavaSampleApproach will guide you how to customize Authentication Provider with Spring Security support.

Related Articles:
Spring Security – Config Security for Web MVC by Spring Boot
Spring Security – Customize Login Handler
Spring Security Customize Logout Handler
How to use Spring Security JDBC Authentication with PostgreSQL & Spring Boot


A. Concepts

Spring Security provides for us an interface to customize Authentication Provider:
public interface AuthenticationProvider

The interface has 2 functions needed overwrite for customization:
Authentication authenticate(Authentication authentication): Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
boolean supports(Class authentication): Returns true if this AuthenticationProvider supports the indicated Authentication object.

Details at Java docs

B. Practice

I. Technologies

– Java 1.8
– Maven 3.3.9
– Spring Tool Suite – Version 3.8.1.RELEASE

II. Overview
1. Project Structure

customize authentication provider project structure

2. Step to do

– Create a Spring Security project step by step follow article: Spring Security – Config Security for Web MVC by Spring Boot
Main Part:
– Create a class that implements CustomAuthenticationProvider interface.
– Config customize AuthenticationManagerBuilder component.

III. Practice
1. Create a Spring Security project

– Create a Spring Security project step by step follow article: Spring Security – Config Security for Web MVC by Spring Boot

2. Create a class that implements CustomAuthenticationProvider interface

CustomAuthenticationProvider will implement interface: AuthenticationProvider by overwrite 2 functions:
public Authentication authenticate(Authentication authentication) throws AuthenticationException
and
public boolean supports(Class authentication)

boolean supports(Class authentication) function that tells authentication just works with UsernamePasswordAuthenticationToken object.

Authentication authenticate(Authentication authentication) function check the username & password for simulating the simple authenticating process.

If user accounts are user/user & admin/admin, the authentication is successfully. Otherwise, Failed.

3. Configure customize AuthenticationManagerBuilder component in WebSecurityConfigurerAdapter

– In the class SecurityConfig extends WebSecurityConfigurerAdapter, inject CustomAuthenticationProvider bean:

Then configure: configure(AuthenticationManagerBuilder auth)
Details:

Now be ready for Run & Check results!

IV. Sourcecode

SpringBootCustomizeSecurityAuthenticationProvider


Related Posts



Got Something To Say:

Your email address will not be published. Required fields are marked *

*