Juan OKeeffe
unread,Mar 20, 2024, 5:32:22 PMMar 20Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to waffle
I have this waffle implementation in a java spring application that successfully authenticates the user.
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private NegotiateSecurityFilter negotiateSecurityFilter;
@Autowired
private NegotiateSecurityFilterEntryPoint entryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(entryPoint)
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
http.cors();
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
}
Now I want to remove httpBasic authentication from there and leave just waffle negotiateSecurityFilter to use Kerberos/NTLM authentication only.
I tried this change:
http
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
.headers()
.addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));
But then authentication doesn't work returning this error message:
org.springframework.security.access.AccessDeniedException: Access is denied
How can I remove Basic authentication then?