Everything is in the title: how to authorize requests with either an
Answered by
ch4mpy
Aug 25, 2024
Replies: 1 comment
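This duplicates "How to use this plugin with alternative authentication at the same time?": All that is needed is to expose an additional `Security(Web)FilterChain` bean to handle `X-API-TOKEN`. Something like:

```java
import java.util.Optional;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    SecurityFilterChain apiTokenFilterChain(HttpSecurity http) throws Exception {
        // Apply this filter-chain only to requests with an X-API-TOKEN header
        http.securityMatcher((HttpServletRequest request) -> {
            return Optional.ofNullable(request.getHeader("X-API-TOKEN")).isPresent();
        });
        // Answer unauthenticated requests with 401 and a WWW-Authenticate challenge
        http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> {
            response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "PrivateToken realm=\"Restricted Content\"");
            response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
        }));
        // FIXME: implement request authorization with your custom header.
        return http.build();
    }
}
```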
Answer selected by
ch4mpy
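One way to fill in the `FIXME` of the filter chain in the answer, as an added example that is not part of the original answer or of spring-addons: a servlet filter that compares the `X-API-TOKEN` header to an expected value and populates the security context. It assumes Spring Security 6 (`jakarta.servlet`) and a single shared token; the class name `ApiTokenAuthenticationFilter`, the principal name `api-client` and the authority `ROLE_API_CLIENT` are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter (assumption, not spring-addons code). Wiring inside apiTokenFilterChain:
//   http.addFilterBefore(new ApiTokenAuthenticationFilter(token, entryPoint),
//           AnonymousAuthenticationFilter.class);
//   http.authorizeHttpRequests(a -> a.anyRequest().authenticated());
// where entryPoint is the same 401 entry point passed to exceptionHandling(...).
public class ApiTokenAuthenticationFilter extends OncePerRequestFilter {
    private final byte[] expectedToken;
    private final AuthenticationEntryPoint entryPoint;

    public ApiTokenAuthenticationFilter(String expectedToken, AuthenticationEntryPoint entryPoint) {
        // The chain matches on header presence, so an empty header reaches this filter:
        // refuse an empty expected token, otherwise "X-API-TOKEN:" alone would authenticate.
        if (expectedToken == null || expectedToken.isBlank()) {
            throw new IllegalArgumentException("expected API token must not be blank");
        }
        this.expectedToken = expectedToken.getBytes(StandardCharsets.UTF_8);
        this.entryPoint = entryPoint;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String presented = request.getHeader("X-API-TOKEN");
        byte[] presentedBytes = presented == null ? new byte[0] : presented.getBytes(StandardCharsets.UTF_8);
        // Timing-safe comparison instead of String.equals
        if (!MessageDigest.isEqual(expectedToken, presentedBytes)) {
            SecurityContextHolder.clearContext();
            entryPoint.commence(request, response, new BadCredentialsException("Invalid API token"));
            return; // stop here: the request never reaches the controllers
        }
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(new PreAuthenticatedAuthenticationToken(
                "api-client", "N/A", AuthorityUtils.createAuthorityList("ROLE_API_CLIENT")));
        SecurityContextHolder.setContext(context);
        chain.doFilter(request, response);
    }
}
```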
This duplicates "How to use this plugin with alternative authentication at the same time?": `spring-addons` auto-configures a resource server `Security(Web)FilterChain` with lowest precedence. This filter chain is designed to authorize requests with an `Authorization` header containing a `Bearer` token. All that is needed is to expose an additional `Security(Web)FilterChain` bean to handle `X-API-TOKEN`. Something like: