0

I have configured multiple custom auth providers,using auth2 and spring boot, but it always executes the CustomInternalAuthenticationProvider only.can you please explain the how to apply ant matcher rules in order?i have used two WebSecurityConfigurerAdapter classes and one is orderded and one is default.guide me on how to handle the antmatcher rules properly?

@EnableResourceServer
@EnableWebSecurity
public class WebSecurityConfig{

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }


    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            System.out.println("@order");
                      http.antMatcher("/../main/**")
                      .requestMatchers()
                      .antMatchers("/","/login*", "/oauth/authorize**","/exit","**/logout")

                  .and().authenticationProvider(daoInternalAuthenticationProvider())
                   .formLogin().loginPage("/login")

                ;
        }

        @Bean
        public AuthenticationProvider daoInternalAuthenticationProvider() throws Exception {

            return new CustomInternalAuthenticationProvider();
        }

    }

    @Configuration
    public static class ApiTokenSecurityConfig extends WebSecurityConfigurerAdapter{

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            System.out.println("default");

                  http.antMatcher("/../user/**")
                      .requestMatchers()
                      .antMatchers("/","/login*", "/oauth/authorize**","/exit","**/logout")


                          .and() .authenticationProvider(daoExternalAuthenticationProvider())
               .formLogin().loginPage("/login")

               ;


        }

        @Bean
        public AuthenticationProvider daoExternalAuthenticationProvider() throws Exception {

            return new CustomExternalAuthonticationProvider();
        }






    }
bbb
  • 9
  • 4
  • Possible duplicate of [Multiple antMatchers in Spring security](https://stackoverflow.com/questions/30819337/multiple-antmatchers-in-spring-security) – Mebin Joe Jun 25 '19 at 09:33
  • nono this is my code not the duplicate one i want to use multiplauth providers for multiple urls and need to by allowing .antMatchers("/","/login*", "/oauth/authorize**","/exit","**/logout") to all without authenticating otherwise it's getting Full authentication is required to access this resource error,please help me to solve this problem – bbb Jun 25 '19 at 09:37

0 Answers0