I am desperately trying to configure Spring Security in a Spring Boot application this way:
- One way with a custom token for all services called by the application
- One way with HTTP Basic only for REST API services that will be used by another application
The combination of the two ways causes problems...
I tried multiple solutions without any success. I read this section: http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity
My code looks like this:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Function called by application
        http.authorizeRequests().antMatchers(HttpMethod.GET, "MyFunction").hasAnyRole("USER");
        http.addFilterBefore(xAuthTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // REST API functions
        http.antMatcher("/api/**").authorizeRequests().anyRequest().authenticated().and().httpBasic();
        // Requests blocked by default
        http.authorizeRequests().anyRequest().denyAll();
    }
Adding httpBasic() causes "Security filter chain: no match" for my first function. Do you have any idea of the right syntax?
Thanks in advance.
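
An added example, not part of the original post: the layout from the referenced multiple-HttpSecurity section, where `antMatcher("/api/**")` scopes one filter chain to the REST API and a second, unscoped chain handles everything else, so requests outside `/api/**` still match a chain. The bean name `xAuthTokenFilter`, the path `/MyFunction` and the class names are assumptions.

```java
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
public class MultiHttpSecurityConfig {

    // Chain 1: consulted first, handles only /api/** and authenticates with HTTP Basic.
    @Configuration
    @Order(1)
    public static class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")
                .authorizeRequests().anyRequest().authenticated()
                .and().httpBasic();
        }
    }

    // Chain 2: no antMatcher(), so it matches every request chain 1 did not claim.
    @Configuration
    public static class AppSecurityConfig extends WebSecurityConfigurerAdapter {
        // Assumption: the custom token filter is a bean named "xAuthTokenFilter".
        @Autowired
        @Qualifier("xAuthTokenFilter")
        private Filter xAuthTokenFilter;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.addFilterBefore(xAuthTokenFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeRequests()
                    // Assumed path; ant patterns are matched against the request path.
                    .antMatchers(HttpMethod.GET, "/MyFunction").hasAnyRole("USER")
                    // Everything not explicitly allowed above is denied.
                    .anyRequest().denyAll();
        }
    }
}
```

Each chain carries its own authentication mechanism, so the token filter never runs for `/api/**` and HTTP Basic is never offered on application endpoints.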