Multiple authentication provider for specific url - Spring Boot Security

Question

In Spring security I want to use Basic authentication for urls starting with api/** LDAP Rest Authentication for urls starting with /ldap/. The current code i have also allows ldap/ with basic authentication.

The question comes even if i use them as separate AuthenticationProviders like LdapAuthProvider and BasicAuthProvider how can i use it to point to the specific urls

    @Configuration
    @EnableWebSecurity    
    public class WebSecurityConfig {


        @Configuration
        @Order(1)
        public class BasicAuthenticationProvider extends WebSecurityConfigurerAdapter {


            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers("/swagger-ui*", "/info", "/health").permitAll()
                .and().authorizeRequests().antMatchers("/order/**").fullyAuthenticated()
                .and().httpBasic().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().csrf().disable()
                .anonymous().disable();
            }

            @Override
            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.userDetailsService(inMemoryUserDetailsManager());
            }
        }

        @Configuration
        @Order(2)
        public class LdapAuthenticationProvider extends WebSecurityConfigurerAdapter {


            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers("/ldap/**").fullyAuthenticated().and().httpBasic()
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();            
            }

            @Override
            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.ldapAuthentication() code here......
            }      
        }    
    }

I have added the code I had tried and it also allows /ldap/** with the basic authentication which puzzles me — Ram, Mar 18 '19 at 00:42

score 1 · Answer 1 · answered Mar 26 '21 at 13:21

As far as I understand, You have multiple entry points in one application and there are different types of users that can access different portions of the application.

You should look at this Baeldung tutorial: Multiple Entry Points in Spring Security

Multiple authentication provider for specific url - Spring Boot Security

1 Answers1