Juan OKeeffe
unread,Oct 24, 2023, 4:39:10 PM10/24/23Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to waffle
I'm devoloping an Angular/Java application using waffle authentication.
When I access it in the Chrome browser it opens directly.
When I access it in the firefox browser it opens a browser basic authentication window asking for username and password.
How to remove this authentication window in Firefox? Chrome's behavior is the correct one.
Note: The issue only happens when I install the application in a remote server.
When accessing in localhost dev environment, firefox doesn't display the basic authentication window.
SecurityConfig.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private NegotiateSecurityFilter negotiateSecurityFilter;
@Autowired
private NegotiateSecurityFilterEntryPoint entryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(entryPoint)
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
http.cors();
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
}
WaffleConfig.java
@Configuration
public class WaffleConfig {
@Bean
public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
return new WindowsAuthProviderImpl();
}
@Bean
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
WindowsAuthProviderImpl windowsAuthProvider) {
return new NegotiateSecurityFilterProvider(windowsAuthProvider);
}
@Bean
public BasicSecurityFilterProvider basicSecurityFilterProvider(
WindowsAuthProviderImpl windowsAuthProvider) {
return new BasicSecurityFilterProvider(windowsAuthProvider);
}
@Bean
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
BasicSecurityFilterProvider basicSecurityFilterProvider) {
SecurityFilterProvider[] securityFilterProviders =
{negotiateSecurityFilterProvider, basicSecurityFilterProvider};
return new SecurityFilterProviderCollection(securityFilterProviders);
}
@Bean
public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
SecurityFilterProviderCollection securityFilterProviderCollection) {
NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint =
new NegotiateSecurityFilterEntryPoint();
negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilterEntryPoint;
}
@Bean
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(
SecurityFilterProviderCollection securityFilterProviderCollection) {
NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilter;
}
@Bean
public FilterRegistrationBean waffleNegotiateSecurityFilterRegistration(
NegotiateSecurityFilter waffleNegotiateSecurityFilter) {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(waffleNegotiateSecurityFilter);
registrationBean.setEnabled(false);
return registrationBean;
}
}
I noticed one thing.
When accessing via Firefox, the following message is added to the logs:
FilterSecurityInterceptor - Failed to authorize filter invocation [GET /myapiurl] with attributes [authenticated]
When accessing via Chrome, the message is this other:
FilterSecurityInterceptor - Authorized filter invocation [GET /myapiurl] with attributes [authenticated]