Spring Security 6 multiple login mechanisms


Prior to updating from Spring Security 5.3.24 I was able to dynamically configure multiple login solutions on an HttpSecurity such as saml2Login, and two formLogin with differing loginProcessingUrl configurations e.g.

    (httpSecurity
        .authorizeRequests()
        .antMatchers("/index.html","/static/**").permitAll()
        .anyRequest().authenticated()
        .and()
        .exceptionHandling()
        .defaultAuthenticationEntryPointFor(
            loginUrlauthenticationEntryPoint(),
            new AntPathRequestMatcher("/**"))
        .and());

followed by

    .saml2Login(saml2 -> saml2
        .relyingPartyRegistrationRepository(relyingPartyRegistrationRepository)
        .successHandler(authenticationSuccessHandler));

and

    .formLogin(form -> form
        .loginPage("/index.html")
        .loginProcessingUrl("/app/internal/login" + "/**").permitAll()
        .successHandler(authenticationSuccessHandler)
        .failureHandler(new AuthenticationFailureHandler() {

And this all worked, providing URLs for all the login methods. After updating to Spring Security 6 (6.1.3), this no longer works. Has this functionality been removed, or is there some other way of configuring multiple ways to log in with separate URLs for handling them all?


There are 1 best solutions below


I think the problem you ran into is deprecated methods, and to be sure that this is the problem, I recommend you rewrite the securityFilterChain something like this:

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        // Spring Security 6 removed antMatchers(); authorizeRequests() is
        // deprecated in favour of authorizeHttpRequests() with requestMatchers().
        httpSecurity.authorizeHttpRequests(request -> request
            .requestMatchers("/index.html", "/static/**").permitAll()
            .anyRequest().authenticated());

        // The lambda DSL replaces the .and() chaining used before.
        httpSecurity.exceptionHandling(exceptionH -> exceptionH
            .defaultAuthenticationEntryPointFor(
                loginUrlauthenticationEntryPoint(),
                new AntPathRequestMatcher("/**")));

        httpSecurity.saml2Login(saml2 -> saml2
            .relyingPartyRegistrationRepository(relyingPartyRegistrationRepository)
            .successHandler(authenticationSuccessHandler));

        httpSecurity.formLogin(form -> form
            .loginPage("/index.html")
            .loginProcessingUrl("/app/internal/login/**").permitAll()
            .successHandler(authenticationSuccessHandler)
            // AuthenticationFailureHandler is an interface and cannot be
            // instantiated with new; pass the implementation from the question
            // (assumed here to be held in a field named authenticationFailureHandler).
            .failureHandler(authenticationFailureHandler));

        return httpSecurity.build();
    }

If that also doesn't help, you should create two instances of the securityFilter @Bean; a good example of how to do it can be found here, in the most upvoted answer of this question.

Also, you have to check the Migration Guide.
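
A sketch of the separate-filter-chain approach mentioned above, as an added example that is not part of the original answer: each login mechanism gets its own `SecurityFilterChain` bean scoped with `securityMatcher`, so every `formLogin` keeps its own `loginProcessingUrl`. The class and method names, the `/app/partner` prefix, the non-wildcard processing URLs, and the assumption that `AuthenticationSuccessHandler` and `RelyingPartyRegistrationRepository` are available as beans are illustrative and not taken from the question.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
public class MultiLoginSecurityConfig { // hypothetical class name

    // Chains are tried in @Order; the first whose securityMatcher matches wins,
    // so the narrowly scoped form-login chains must come before the catch-all.
    @Bean @Order(1)
    SecurityFilterChain internalLogin(HttpSecurity http, AuthenticationSuccessHandler onSuccess) throws Exception {
        return formChain(http, "/app/internal", onSuccess);
    }

    @Bean @Order(2) // "/app/partner" is a made-up prefix for the second form login
    SecurityFilterChain partnerLogin(HttpSecurity http, AuthenticationSuccessHandler onSuccess) throws Exception {
        return formChain(http, "/app/partner", onSuccess);
    }

    // Catch-all chain: no securityMatcher, so it also serves the SAML endpoints
    // and the shared, publicly readable login page and static assets.
    @Bean @Order(3)
    SecurityFilterChain samlLogin(HttpSecurity http, RelyingPartyRegistrationRepository registrations,
            AuthenticationSuccessHandler onSuccess) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/index.html", "/static/**").permitAll()
                .anyRequest().authenticated())
            .saml2Login(saml2 -> saml2
                .relyingPartyRegistrationRepository(registrations)
                .successHandler(onSuccess));
        return http.build();
    }

    // Each HttpSecurity injected above is a fresh prototype bean, so the form
    // login configured here cannot overwrite the one in the sibling chain.
    private SecurityFilterChain formChain(HttpSecurity http, String prefix,
            AuthenticationSuccessHandler onSuccess) throws Exception {
        http.securityMatcher(prefix + "/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(form -> form
                .loginPage("/index.html")
                .loginProcessingUrl(prefix + "/login").permitAll()
                .successHandler(onSuccess));
        return http.build();
    }
}
```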