I'm working on a REST server platform that's composed of:
The full code so far is at https://github.com/TheChrisPratt/vytamin
But I'm running into a problem. When I submit a request it's throwing org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
My Security Configuration is basically:
    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(securedEnabled=true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private AuthenticationProvider authenticationProvider;

        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean () throws Exception {
            return super.authenticationManagerBean();
        } //authenticationManagerBean

        @Bean
        public PasswordEncoder passwordEncoder () {
            return PasswordEncoderFactories.createDelegatingPasswordEncoder();
        } //passwordEncoder

        @Override
        public void configure (AuthenticationManagerBuilder auth) throws Exception {
            super.configure(auth);
            PasswordEncoder encoder = passwordEncoder();
            // encode() hashes the whole string it is given, so "{noop}" is part of the raw password here
            auth.authenticationProvider(authenticationProvider)
                .inMemoryAuthentication().withUser("bob").password(encoder.encode("{noop}bobpassword")).roles("USER")
                .and().withUser("fred").password(encoder.encode("{noop}fredpassword")).roles("ADMIN","USER");
        } //configure

        @Override
        protected void configure (HttpSecurity http) throws Exception {
            log.trace("--==<<(( Configuring HTTP Security ))>>==-----");
            // Every request must be authenticated over HTTP Basic; CSRF protection is disabled
            http.authorizeRequests().anyRequest().authenticated()
                .and().httpBasic()
                .and().csrf().disable();
        } //configure

    } //*SecurityConfig
And an example controller would look like:
    @Path("/course")
    @Produces(APPLICATION_JSON)
    @Controller("courseResource")
    public class CourseResource {

        @Autowired
        private CourseService courseService;

        @GET
        @Path("/{courseId}")
        @Secured("ROLE_USER")
        public Course getCourse (@PathParam("courseId") long courseId) {
            return courseService.getById(courseId);
        } //getCourse

    } //*CourseResource
It turns out I was missing an ExceptionMapper to map AuthenticationExceptions. Once I mapped that exception to a 401 Unauthorized response it started properly responding to the requests.
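A mapper of the kind the answer describes could look like the following. This is an added example, not code from the original post or the linked repository; it assumes the `javax.ws.rs` namespace, and the class name, realm value and JSON body are hypothetical.

```java
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

/**
 * Translates Spring Security authentication failures raised inside a JAX-RS
 * resource method into a 401 response. AuthenticationCredentialsNotFoundException,
 * the exception from the question, is a subclass of AuthenticationException,
 * so it is handled here too.
 */
@Provider
@Component
public class AuthenticationExceptionMapper implements ExceptionMapper<AuthenticationException> {

    // Hypothetical realm name; use whatever the HTTP Basic configuration advertises.
    private static final String REALM = "example";

    @Override
    public Response toResponse (AuthenticationException exception) {
        // Return a fixed body rather than exception.getMessage(), so the response
        // does not reveal why authentication failed.
        return Response.status(Response.Status.UNAUTHORIZED)
                       .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + REALM + "\"")
                       .type(MediaType.APPLICATION_JSON)
                       .entity("{\"error\":\"authentication required\"}")
                       .build();
    } //toResponse

} //*AuthenticationExceptionMapper
```

The class still has to be registered with the JAX-RS runtime in use, and how that is done depends on the implementation. Spring Security's `AccessDeniedException` (an authenticated user lacking the `@Secured` role) is not an `AuthenticationException`, so this mapper does not cover it.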