Authentication With Spring Security

158 views

Skip to first unread message

Harvey Sama

unread,

Aug 22, 2017, 7:51:32 AM8/22/17

to Axon Framework Users

Hi,

I'm trying to use Spring Security for authentication. I've configured the AuthenticationProvider and WebSecurityConfigurerAdapter configured

Here's part of my WebSecurityConfigurerAdapter configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/user/login").permitAll()                
            .anyRequest().authenticated().and() 
            .httpBasic().and()
            .logout().and()
            .csrf().disable();
}

1) How do I pass data from the form to Spring Security to use my custom AuthenticationProvider?

2) How do I set a session (and cookies) so I don't need to authenticate every other page after login?

3) I have services separated as standalone applications, how do I secure the other services using the current authentication such that all of the other services are accessed only if the user has been authenticated in this service.

Allard Buijze

unread,

Aug 25, 2017, 9:13:07 AM8/25/17

to Axon Framework Users

Hi Harvey,

Spring Security takes care of Authentication (and Authorization, although that's not relevant, for now). It makes the current user's identity available in a SecurityContextHolder. From there, you can access who has authenticated against the request that is currently being executed.

In Axon, you'd have to configure a DispatchInterceptor that attaches relevant information from this SecurityContextHolder into the message's meta data. On the receiving side, you can read this data from the meta data (and optionally set up a SecurityContext, if necessary).

Your question 2 is very much a Spring Security question. Please check the Spring Security documentation.

Question 3: essentially, you would pass "proof of security" with each message, such as userID or a token (such as jwt tokens).

Cheers,

Allard

Op di 22 aug. 2017 om 13:51 schreef Harvey Sama <prince...@gmail.com>:

--
You received this message because you are subscribed to the Google Groups "Axon Framework Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to axonframewor...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Allard Buijze

CTO

E: allard...@axoniq.io

T: +31 6 34 73 99 89

AxonIQ Conference - 29th September - in Amsterdam

Reply all

Reply to author

Forward

0 new messages