Spring Boot Custom Authentication Provider with Java Configuration not working












9















I am trying to setup a REST based web application, where the frontend is using Reactjs and the backend is using Spring Boot. I am also trying to setup a custom authentication provider, and this is where my problems start. When trying to test the login API call, the CustomAuthenticationProvider is never called, and instead the default DaoAuthenticationProvider is used. This causes the login to report "Bad credentials".



I have upload a small sample application to github: spring-boot-auth-demo



To test the login API I use the following curl:



curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login


The CustomAuthenticationProvider does a simple username/password check and returns an UsernamePasswordAuthenicationToken object.



package no.bluebit.demo;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

public CustomAuthenticationProvider() {
logger.info("*** CustomAuthenticationProvider created");
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

if(authentication.getName().equals("admin") && authentication.getCredentials().equals("admin")) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), grantedAuths);
} else {
return null;
}

}

@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

}


The CustomAuthenticationProvider is wired up using the SecurityConfiguration class. When stepping through the code, I can see that the CustomAuthenicationProvider is not in the list of providers used to authenticate the incoming request.



package no.bluebit.demo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(this.customAuthenticationProvider);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/users/login").permitAll() // Permit access for all to login REST service
.antMatchers("/").permitAll() // Neccessary to permit access to default document
.anyRequest().authenticated().and() // All other requests require authentication
.httpBasic().and()
.logout().and()
.csrf().disable();
}
}


Why is this not working?










share|improve this question




















  • 1





    Take a look at this: stackoverflow.com/questions/22453550/…

    – franDayz
    Apr 20 '16 at 13:13






  • 1





    Thank you! The missing @Autowired annotation was the issue. Problem solved!

    – Håvard Bakke
    Apr 21 '16 at 2:18











  • @franDayz maybe add your comment as an answer, so that Håvard Bakke can accept as an answer?

    – demaniak
    Dec 13 '16 at 9:30











  • @demaniak I just tried but the system converts simple answers to comments...

    – franDayz
    Dec 13 '16 at 11:19













  • @franDayz just mention, why '@autowired' was required and follow up with the URL then you can add it as a answer :)

    – rohit thomas
    May 20 '18 at 2:53
















9















I am trying to setup a REST based web application, where the frontend is using Reactjs and the backend is using Spring Boot. I am also trying to setup a custom authentication provider, and this is where my problems start. When trying to test the login API call, the CustomAuthenticationProvider is never called, and instead the default DaoAuthenticationProvider is used. This causes the login to report "Bad credentials".



I have upload a small sample application to github: spring-boot-auth-demo



To test the login API I use the following curl:



curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login


The CustomAuthenticationProvider does a simple username/password check and returns an UsernamePasswordAuthenicationToken object.



package no.bluebit.demo;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

public CustomAuthenticationProvider() {
logger.info("*** CustomAuthenticationProvider created");
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

if(authentication.getName().equals("admin") && authentication.getCredentials().equals("admin")) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), grantedAuths);
} else {
return null;
}

}

@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

}


The CustomAuthenticationProvider is wired up using the SecurityConfiguration class. When stepping through the code, I can see that the CustomAuthenicationProvider is not in the list of providers used to authenticate the incoming request.



package no.bluebit.demo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(this.customAuthenticationProvider);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/users/login").permitAll() // Permit access for all to login REST service
.antMatchers("/").permitAll() // Neccessary to permit access to default document
.anyRequest().authenticated().and() // All other requests require authentication
.httpBasic().and()
.logout().and()
.csrf().disable();
}
}


Why is this not working?










share|improve this question




















  • 1





    Take a look at this: stackoverflow.com/questions/22453550/…

    – franDayz
    Apr 20 '16 at 13:13






  • 1





    Thank you! The missing @Autowired annotation was the issue. Problem solved!

    – Håvard Bakke
    Apr 21 '16 at 2:18











  • @franDayz maybe add your comment as an answer, so that Håvard Bakke can accept as an answer?

    – demaniak
    Dec 13 '16 at 9:30











  • @demaniak I just tried but the system converts simple answers to comments...

    – franDayz
    Dec 13 '16 at 11:19













  • @franDayz just mention, why '@autowired' was required and follow up with the URL then you can add it as a answer :)

    – rohit thomas
    May 20 '18 at 2:53














9












9








9


3






I am trying to setup a REST based web application, where the frontend is using Reactjs and the backend is using Spring Boot. I am also trying to setup a custom authentication provider, and this is where my problems start. When trying to test the login API call, the CustomAuthenticationProvider is never called, and instead the default DaoAuthenticationProvider is used. This causes the login to report "Bad credentials".



I have upload a small sample application to github: spring-boot-auth-demo



To test the login API I use the following curl:



curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login


The CustomAuthenticationProvider does a simple username/password check and returns an UsernamePasswordAuthenicationToken object.



package no.bluebit.demo;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

public CustomAuthenticationProvider() {
logger.info("*** CustomAuthenticationProvider created");
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

if(authentication.getName().equals("admin") && authentication.getCredentials().equals("admin")) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), grantedAuths);
} else {
return null;
}

}

@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

}


The CustomAuthenticationProvider is wired up using the SecurityConfiguration class. When stepping through the code, I can see that the CustomAuthenicationProvider is not in the list of providers used to authenticate the incoming request.



package no.bluebit.demo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(this.customAuthenticationProvider);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/users/login").permitAll() // Permit access for all to login REST service
.antMatchers("/").permitAll() // Neccessary to permit access to default document
.anyRequest().authenticated().and() // All other requests require authentication
.httpBasic().and()
.logout().and()
.csrf().disable();
}
}


Why is this not working?










share|improve this question
















I am trying to setup a REST based web application, where the frontend is using Reactjs and the backend is using Spring Boot. I am also trying to setup a custom authentication provider, and this is where my problems start. When trying to test the login API call, the CustomAuthenticationProvider is never called, and instead the default DaoAuthenticationProvider is used. This causes the login to report "Bad credentials".



I have upload a small sample application to github: spring-boot-auth-demo



To test the login API I use the following curl:



curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login


The CustomAuthenticationProvider does a simple username/password check and returns an UsernamePasswordAuthenicationToken object.



package no.bluebit.demo;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

public CustomAuthenticationProvider() {
logger.info("*** CustomAuthenticationProvider created");
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

if(authentication.getName().equals("admin") && authentication.getCredentials().equals("admin")) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), grantedAuths);
} else {
return null;
}

}

@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

}


The CustomAuthenticationProvider is wired up using the SecurityConfiguration class. When stepping through the code, I can see that the CustomAuthenicationProvider is not in the list of providers used to authenticate the incoming request.



package no.bluebit.demo;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(this.customAuthenticationProvider);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/users/login").permitAll() // Permit access for all to login REST service
.antMatchers("/").permitAll() // Neccessary to permit access to default document
.anyRequest().authenticated().and() // All other requests require authentication
.httpBasic().and()
.logout().and()
.csrf().disable();
}
}


Why is this not working?







java spring rest authentication spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 20 '18 at 3:26









user207421

262k25210355




262k25210355










asked Apr 19 '16 at 14:22









Håvard BakkeHåvard Bakke

71119




71119








  • 1





    Take a look at this: stackoverflow.com/questions/22453550/…

    – franDayz
    Apr 20 '16 at 13:13






  • 1





    Thank you! The missing @Autowired annotation was the issue. Problem solved!

    – Håvard Bakke
    Apr 21 '16 at 2:18











  • @franDayz maybe add your comment as an answer, so that Håvard Bakke can accept as an answer?

    – demaniak
    Dec 13 '16 at 9:30











  • @demaniak I just tried but the system converts simple answers to comments...

    – franDayz
    Dec 13 '16 at 11:19













  • @franDayz just mention, why '@autowired' was required and follow up with the URL then you can add it as a answer :)

    – rohit thomas
    May 20 '18 at 2:53














  • 1





    Take a look at this: stackoverflow.com/questions/22453550/…

    – franDayz
    Apr 20 '16 at 13:13






  • 1





    Thank you! The missing @Autowired annotation was the issue. Problem solved!

    – Håvard Bakke
    Apr 21 '16 at 2:18











  • @franDayz maybe add your comment as an answer, so that Håvard Bakke can accept as an answer?

    – demaniak
    Dec 13 '16 at 9:30











  • @demaniak I just tried but the system converts simple answers to comments...

    – franDayz
    Dec 13 '16 at 11:19













  • @franDayz just mention, why '@autowired' was required and follow up with the URL then you can add it as a answer :)

    – rohit thomas
    May 20 '18 at 2:53








1




1





Take a look at this: stackoverflow.com/questions/22453550/…

– franDayz
Apr 20 '16 at 13:13





Take a look at this: stackoverflow.com/questions/22453550/…

– franDayz
Apr 20 '16 at 13:13




1




1





Thank you! The missing @Autowired annotation was the issue. Problem solved!

– Håvard Bakke
Apr 21 '16 at 2:18





Thank you! The missing @Autowired annotation was the issue. Problem solved!

– Håvard Bakke
Apr 21 '16 at 2:18













@franDayz maybe add your comment as an answer, so that Håvard Bakke can accept as an answer?

– demaniak
Dec 13 '16 at 9:30





@franDayz maybe add your comment as an answer, so that Håvard Bakke can accept as an answer?

– demaniak
Dec 13 '16 at 9:30













@demaniak I just tried but the system converts simple answers to comments...

– franDayz
Dec 13 '16 at 11:19







@demaniak I just tried but the system converts simple answers to comments...

– franDayz
Dec 13 '16 at 11:19















@franDayz just mention, why '@autowired' was required and follow up with the URL then you can add it as a answer :)

– rohit thomas
May 20 '18 at 2:53





@franDayz just mention, why '@autowired' was required and follow up with the URL then you can add it as a answer :)

– rohit thomas
May 20 '18 at 2:53












3 Answers
3






active

oldest

votes


















0














Try to add on header http this thinks:



Example:



const headers = new HttpHeaders();
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
requested-with, Cache-Control');
headers.set('Content-Type', 'application/json');


this.http.post('http://localhost:8081/loginAngular',
JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
{headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
console.log(' Data: ' + data);

});


I made this app with spring security and angular!
Front: https://github.com/nicobassart/angularforHidra
Back: https://github.com/nicobassart/hidra_server






share|improve this answer































    -1














    Look at the AuthenticationProvider class (respectively it's java doc)



    The method authenticate expects to :



     * Performs authentication with the same contract as
    * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
    * @return a fully authenticated object including credentials. May return
    * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
    * authentication of the passed <code>Authentication</code> object. In such a case,
    * the next <code>AuthenticationProvider</code> that supports the presented
    * <code>Authentication</code> class will be tried.


    If you return null, then the next AuthenticationProvider will be called, which is the defaut one.



    I am not sure this is the problem, but this might be something. Try to throw BadCredentialsException, as the AuthenticationManager class tells you to do :



     * <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
    * presented. Whilst the above exceptions are optional, an
    * <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>





    share|improve this answer































      -1














      You have to set the credentials in some other way. Try to see a working example of Username Password token. But your "authenticate" function needs to be the one that sets the credentials.






      share|improve this answer























        Your Answer






        StackExchange.ifUsing("editor", function () {
        StackExchange.using("externalEditor", function () {
        StackExchange.using("snippets", function () {
        StackExchange.snippets.init();
        });
        });
        }, "code-snippets");

        StackExchange.ready(function() {
        var channelOptions = {
        tags: "".split(" "),
        id: "1"
        };
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function() {
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled) {
        StackExchange.using("snippets", function() {
        createEditor();
        });
        }
        else {
        createEditor();
        }
        });

        function createEditor() {
        StackExchange.prepareEditor({
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader: {
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        },
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        });


        }
        });














        draft saved

        draft discarded


















        StackExchange.ready(
        function () {
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f36721212%2fspring-boot-custom-authentication-provider-with-java-configuration-not-working%23new-answer', 'question_page');
        }
        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        0














        Try to add on header http this thinks:



        Example:



        const headers = new HttpHeaders();
        headers.set('Access-Control-Allow-Origin', '*');
        headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
        headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
        requested-with, Cache-Control');
        headers.set('Content-Type', 'application/json');


        this.http.post('http://localhost:8081/loginAngular',
        JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
        {headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
        console.log(' Data: ' + data);

        });


        I made this app with spring security and angular!
        Front: https://github.com/nicobassart/angularforHidra
        Back: https://github.com/nicobassart/hidra_server






        share|improve this answer




























          0














          Try to add on header http this thinks:



          Example:



          const headers = new HttpHeaders();
          headers.set('Access-Control-Allow-Origin', '*');
          headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
          headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
          requested-with, Cache-Control');
          headers.set('Content-Type', 'application/json');


          this.http.post('http://localhost:8081/loginAngular',
          JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
          {headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
          console.log(' Data: ' + data);

          });


          I made this app with spring security and angular!
          Front: https://github.com/nicobassart/angularforHidra
          Back: https://github.com/nicobassart/hidra_server






          share|improve this answer


























            0












            0








            0







            Try to add on header http this thinks:



            Example:



            const headers = new HttpHeaders();
            headers.set('Access-Control-Allow-Origin', '*');
            headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
            headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
            requested-with, Cache-Control');
            headers.set('Content-Type', 'application/json');


            this.http.post('http://localhost:8081/loginAngular',
            JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
            {headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
            console.log(' Data: ' + data);

            });


            I made this app with spring security and angular!
            Front: https://github.com/nicobassart/angularforHidra
            Back: https://github.com/nicobassart/hidra_server






            share|improve this answer













            Try to add on header http this thinks:



            Example:



            const headers = new HttpHeaders();
            headers.set('Access-Control-Allow-Origin', '*');
            headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
            headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
            requested-with, Cache-Control');
            headers.set('Content-Type', 'application/json');


            this.http.post('http://localhost:8081/loginAngular',
            JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
            {headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
            console.log(' Data: ' + data);

            });


            I made this app with spring security and angular!
            Front: https://github.com/nicobassart/angularforHidra
            Back: https://github.com/nicobassart/hidra_server







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Sep 19 '18 at 17:29









            NicoNico

            11




            11

























                -1














                Look at the AuthenticationProvider class (respectively it's java doc)



                The method authenticate expects to :



                 * Performs authentication with the same contract as
                * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
                * @return a fully authenticated object including credentials. May return
                * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
                * authentication of the passed <code>Authentication</code> object. In such a case,
                * the next <code>AuthenticationProvider</code> that supports the presented
                * <code>Authentication</code> class will be tried.


                If you return null, then the next AuthenticationProvider will be called, which is the defaut one.



                I am not sure this is the problem, but this might be something. Try to throw BadCredentialsException, as the AuthenticationManager class tells you to do :



                 * <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
                * presented. Whilst the above exceptions are optional, an
                * <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>





                share|improve this answer




























                  -1














                  Look at the AuthenticationProvider class (respectively it's java doc)



                  The method authenticate expects to :



                   * Performs authentication with the same contract as
                  * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
                  * @return a fully authenticated object including credentials. May return
                  * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
                  * authentication of the passed <code>Authentication</code> object. In such a case,
                  * the next <code>AuthenticationProvider</code> that supports the presented
                  * <code>Authentication</code> class will be tried.


                  If you return null, then the next AuthenticationProvider will be called, which is the defaut one.



                  I am not sure this is the problem, but this might be something. Try to throw BadCredentialsException, as the AuthenticationManager class tells you to do :



                   * <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
                  * presented. Whilst the above exceptions are optional, an
                  * <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>





                  share|improve this answer


























                    -1












                    -1








                    -1







                    Look at the AuthenticationProvider class (respectively it's java doc)



                    The method authenticate expects to :



                     * Performs authentication with the same contract as
                    * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
                    * @return a fully authenticated object including credentials. May return
                    * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
                    * authentication of the passed <code>Authentication</code> object. In such a case,
                    * the next <code>AuthenticationProvider</code> that supports the presented
                    * <code>Authentication</code> class will be tried.


                    If you return null, then the next AuthenticationProvider will be called, which is the defaut one.



                    I am not sure this is the problem, but this might be something. Try to throw BadCredentialsException, as the AuthenticationManager class tells you to do :



                     * <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
                    * presented. Whilst the above exceptions are optional, an
                    * <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>





                    share|improve this answer













                    Look at the AuthenticationProvider class (respectively it's java doc)



                    The method authenticate expects to :



                     * Performs authentication with the same contract as
                    * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
                    * @return a fully authenticated object including credentials. May return
                    * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
                    * authentication of the passed <code>Authentication</code> object. In such a case,
                    * the next <code>AuthenticationProvider</code> that supports the presented
                    * <code>Authentication</code> class will be tried.


                    If you return null, then the next AuthenticationProvider will be called, which is the defaut one.



                    I am not sure this is the problem, but this might be something. Try to throw BadCredentialsException, as the AuthenticationManager class tells you to do :



                     * <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
                    * presented. Whilst the above exceptions are optional, an
                    * <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>






                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Jan 7 '17 at 16:32









                    Catalin StanCatalin Stan

                    566




                    566























                        -1














                        You have to set the credentials in some other way. Try to see a working example of Username Password token. But your "authenticate" function needs to be the one that sets the credentials.






                        share|improve this answer




























                          -1














                          You have to set the credentials in some other way. Try to see a working example of Username Password token. But your "authenticate" function needs to be the one that sets the credentials.






                          share|improve this answer


























                            -1












                            -1








                            -1







                            You have to set the credentials in some other way. Try to see a working example of Username Password token. But your "authenticate" function needs to be the one that sets the credentials.






                            share|improve this answer













                            You have to set the credentials in some other way. Try to see a working example of Username Password token. But your "authenticate" function needs to be the one that sets the credentials.







                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered May 17 '17 at 21:08









                            DexterDexter

                            3,20885986




                            3,20885986






























                                draft saved

                                draft discarded




















































                                Thanks for contributing an answer to Stack Overflow!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid



                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function () {
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f36721212%2fspring-boot-custom-authentication-provider-with-java-configuration-not-working%23new-answer', 'question_page');
                                }
                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                How to change which sound is reproduced for terminal bell?

                                Can I use Tabulator js library in my java Spring + Thymeleaf project?

                                Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents