0

This question is related to this one

I defined my own AuthenticationEntryPoint. When enabled, I receive an exception when trying to execute put requests:

org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource

But it doesn't happen otherwise.

Does anybody know why and how to fix it? If it's needed more configuration information, let me know.

This is my configuration:

@Configuration
@Order(1)                                                        
public static class RestWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
...
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    ...
        http
            .authorizeRequests()
                .antMatchers("/rest/**").hasAnyRole(Sec.ADMIN,Sec.SUPER_USER)
    ...
        .and().exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)

If I comment out the last line ("authenticationEntryPoint..."), my PUT requests work just fine.

I need to use that EntryPoint in order to prevent the redirection to the login form since this is a REST service.

My RestAuthenticationEntryPoint class is:

@Component( "restAuthenticationEntryPoint" )
public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @SuppressWarnings("unused")
    private final Logger logger = Logger.getLogger(getClass());

    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
    }
}
Community
  • 1
  • 1
elysch
  • 1,846
  • 4
  • 25
  • 43
  • Can you switch on the DEBUG logs for `org.springframework.security` and see what it thinks it is doing. There's probably a reason the requests are unauthenticated. – Dave Syer Jul 16 '14 at 06:30
  • hmmmm... its odd. I have `log4j.logger.org.springframework.security=DEBUG` in my log4j.properties. But if I comment it or not, doesn't make any difference. Just before that I have `log4j.appender.A1.layout.ConversionPattern=%d %5p [%t] (%F:%L) - %m%n` and it does change the log format. – elysch Jul 16 '14 at 16:21
  • My first line is `log4j.rootLogger=INFO, A1` – elysch Jul 16 '14 at 16:59
  • I'm never really clear on the format for log config files. With Spring Boot 1.1.4 you can set the log levels in application.properties (yml etc). – Dave Syer Jul 16 '14 at 17:33
  • Well. Finally managed to change spring security log level. Had to convert my log4j.properties to logback.xml using this [tool](http://logback.qos.ch/translator/) and put it in my resources directory. Spring-boot uses logback by default. Now I will keep looking for the solution to my problem. – elysch Jul 19 '14 at 14:37

0 Answers0