Spring Security – Customize Authentication Provider

In this article, JavaSampleApproach shows you how to customize the Authentication Provider with Spring Security.

Related Articles:
Spring Security – Config Security for Web MVC by Spring Boot
Spring Security – Customize Login Handler
Spring Security Customize Logout Handler
How to use Spring Security JDBC Authentication with PostgreSQL & Spring Boot


A. Concepts

Spring Security provides an interface for customizing the Authentication Provider:
public interface AuthenticationProvider

The interface has 2 methods to override for customization:
– Authentication authenticate(Authentication authentication): Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
– boolean supports(Class<?> authentication): Returns true if this AuthenticationProvider supports the indicated Authentication object.

Details at Java docs

B. Practice

I. Technologies

– Java 1.8
– Maven 3.3.9
– Spring Tool Suite – Version 3.8.1.RELEASE

II. Overview
1. Project Structure

customize authentication provider project structure

2. Steps to do

– Create a Spring Security project step by step following the article: Spring Security – Config Security for Web MVC by Spring Boot
Main Part:
– Create a class CustomAuthenticationProvider that implements the AuthenticationProvider interface.
– Configure the custom provider on the AuthenticationManagerBuilder component.

III. Practice
1. Create a Spring Security project

– Create a Spring Security project step by step following the article: Spring Security – Config Security for Web MVC by Spring Boot

2. Create a class CustomAuthenticationProvider that implements the AuthenticationProvider interface

CustomAuthenticationProvider implements the AuthenticationProvider interface by overriding 2 methods:
public Authentication authenticate(Authentication authentication) throws AuthenticationException
and
public boolean supports(Class<?> authentication)

The supports(Class<?> authentication) method declares that this provider only works with UsernamePasswordAuthenticationToken objects.

The authenticate(Authentication authentication) method checks the username & password to simulate a simple authentication process.

If the account is user/user or admin/admin, authentication succeeds. Otherwise, it fails.

3. Configure the custom provider with AuthenticationManagerBuilder in WebSecurityConfigurerAdapter

– In the class SecurityConfig, which extends WebSecurityConfigurerAdapter, inject the CustomAuthenticationProvider bean:

Then configure it in: configure(AuthenticationManagerBuilder auth)
Details:

Now you are ready to Run & Check results!
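
Steps 2 and 3 above, written out as an added example; this is not the article's original code, which is in the linked project. The user/user and admin/admin accounts are the article's demo values; the role names, the matches and success helpers, and the use of MessageDigest.isEqual and BadCredentialsException are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.stereotype.Component;

@Component
class CustomAuthenticationProvider implements AuthenticationProvider {
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        Object credentials = authentication.getCredentials();
        String password = credentials == null ? "" : credentials.toString();
        // Demo accounts from the article; the role names are assumptions of this example.
        if ("user".equals(name) && matches(password, "user")) return success(name, "ROLE_USER");
        if ("admin".equals(name) && matches(password, "admin")) return success(name, "ROLE_ADMIN");
        // Reject explicitly: returning null would only mean "this provider cannot decide".
        throw new BadCredentialsException("Bad credentials");
    }
    @Override
    public boolean supports(Class<?> authentication) {
        // Accept UsernamePasswordAuthenticationToken and its subclasses only.
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
    // Avoids the first-mismatch early exit of String.equals.
    private static boolean matches(String presented, String expected) {
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
    // The three-argument constructor yields an authenticated token; the password is not kept in it.
    private static Authentication success(String name, String role) {
        return new UsernamePasswordAuthenticationToken(name, null, AuthorityUtils.createAuthorityList(role));
    }
}

@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomAuthenticationProvider authProvider; // bean created by @Component above
    // The HttpSecurity rules from the earlier article are omitted; the adapter's defaults apply.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authProvider);
    }
}
```

Hard-coded accounts are only suitable for the simulation the article describes; a real provider would look the user up and verify a hashed password with a PasswordEncoder.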

IV. Sourcecode

SpringBootCustomizeSecurityAuthenticationProvider




2 thoughts on “Spring Security – Customize Authentication Provider”

  1. This example works fine if I use a login form. But what if I don't need it?
    If I use a configuration like this:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/public").permitAll()
            .antMatchers("/private").hasRole(ADMIN)
            .antMatchers("/**").permitAll()
            .anyRequest().authenticated();
    }
    The CustomAuthenticationProvider method authenticate(…) was not used at all (used debug to confirm) and the page is always forbidden when trying to access the /admin resource

    1. Hi,

      If you don’t need a login page, are you working with httpBasic?
      -> If yes, you can try this code segment for httpBasic security:

      More details, you can try the tutorial:
      How to configure Spring RestTemplate Security

      Regards,
      JSA
