spring-security spring-boot-security

disable redirect on successful login to last denied url


I am attempting to configure Spring Security to perform cookie authentication for REST APIs, as described in this example: https://swagger.io/docs/specification/authentication/cookie-authentication/. I have been able to achieve it with the configuration below:

    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager)
            throws Exception {
        // Custom filter that reads the credentials from the request body
        CustomAuthenticationProcessingFilter customAuthenticationProcessingFilter = new CustomAuthenticationProcessingFilter();
        customAuthenticationProcessingFilter.setAuthenticationManager(authenticationManager);

        http
            .csrf().disable()
            // Take the place of the default form-login filter in the chain
            .addFilterAt(
                    customAuthenticationProcessingFilter,
                    UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                // Rules are evaluated in order and the first match wins, so the public
                // endpoints are listed before the catch-all rule. The original leading
                // antMatchers("/**").authenticated() rule shadowed permitAll() and is dropped.
                .antMatchers("/api/sign-up", "/api/sign-in").permitAll()
                .anyRequest().authenticated()
            .and().httpBasic().authenticationEntryPoint(new RestAuthenticationEntryPoint())
            .and().logout().logoutUrl("/api/sign-out");

        return http.build();
    }

Everything is working except that I am still getting a redirect on successful login to root or the last endpoint that required authentication.

Can someone share how to properly configure cookie authentication? I want to send credentials in JSON and receive a JSON response on success or error, and disable the redirection to the last attempted endpoint.


Solution

  • I had to configure the success handler on the CustomAuthenticationProcessingFilter filter, and not the loginForm.

    Configuring the custom filter resulted in the success handler for the loginform() not being called at all.

    customAuthenticationProcessingFilter.setAuthenticationSuccessHandler(customeAuthenticationSuccessHandler());
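
The kind of handler the answer wires in, shown as an added example that is not part of the original answer or the poster's code. It assumes Spring Security 5.x on `javax.servlet` (matching the `antMatchers()` API in the question) and that `CustomAuthenticationProcessingFilter` extends `AbstractAuthenticationProcessingFilter`; the class name `JsonAuthenticationHandlers` and the JSON bodies are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletResponse;

import org.springframework.http.MediaType;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

// Hypothetical helper class (name not from the page).
public final class JsonAuthenticationHandlers {

    private JsonAuthenticationHandlers() {
    }

    // Replaces the default SavedRequestAwareAuthenticationSuccessHandler of
    // AbstractAuthenticationProcessingFilter, which issues the redirect to the
    // saved (last denied) request. This handler writes a JSON body and never redirects.
    public static AuthenticationSuccessHandler success() {
        return (request, response, authentication) ->
                writeJson(response, HttpServletResponse.SC_OK, "{\"authenticated\":true}");
    }

    // Returns 401 with a fixed, generic message: the exception text is not echoed,
    // so the response does not reveal whether the username exists.
    public static AuthenticationFailureHandler failure() {
        return (request, response, exception) ->
                writeJson(response, HttpServletResponse.SC_UNAUTHORIZED,
                        "{\"authenticated\":false,\"error\":\"Invalid credentials\"}");
    }

    private static void writeJson(HttpServletResponse response, int status, String body)
            throws IOException {
        response.setStatus(status);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.getWriter().write(body);
    }
}

// Wiring inside filterChain(), on the custom filter rather than on form login:
//   customAuthenticationProcessingFilter.setAuthenticationSuccessHandler(JsonAuthenticationHandlers.success());
//   customAuthenticationProcessingFilter.setAuthenticationFailureHandler(JsonAuthenticationHandlers.failure());
```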