How to remove .httpBasic() from waffle implementation
9 views
Skip to first unread message
Juan OKeeffe
Mar 20, 2024, 5:32:22 PMMar 20
to waffle
I have this waffle implementation in a java spring application that successfully authenticates the user.
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private NegotiateSecurityFilter negotiateSecurityFilter;
@Autowired
private NegotiateSecurityFilterEntryPoint entryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(entryPoint)
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
http.cors();
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
}
Now I want to remove httpBasic authentication from there and leave just waffle negotiateSecurityFilter to use Kerberos/NTLM authentication only.
I tried this change:
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
But then authentication doesn't work returning this error message:
org.springframework.security.access.AccessDeniedException: Access is denied
How can I remove Basic authentication then?
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private NegotiateSecurityFilter negotiateSecurityFilter;
@Autowired
private NegotiateSecurityFilterEntryPoint entryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(entryPoint)
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
http.cors();
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
}
Now I want to remove httpBasic authentication from there and leave just waffle negotiateSecurityFilter to use Kerberos/NTLM authentication only.
I tried this change:
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
But then authentication doesn't work returning this error message:
org.springframework.security.access.AccessDeniedException: Access is denied
How can I remove Basic authentication then?
Reply all
Reply to author
Forward
0 new messages