Add your own authentication items with Spring Security

Overview

You may also use Spring Security when trying to implement authentication with Spring Boot. Spring Security has a mechanism to automatically authenticate if you set items at login, but basically it authenticates with a set of user name and password. I will write what to do if you want to add other items for authentication.

Assumptions, etc.

Implementation sample

Add authenticationProvider to SecurityConfig. authenticationProvider sets ʻAuthenticationProviderImpl` which is implemented independently described later. Also, set authenticationProvider in configureGlobal.

SecurityConfig.java


  @Autowired
  private AuthenticationProviderImpl authenticationProvider;
  
  @Autowired
  public void configureGlobal(
    AuthenticationManagerBuilder auth,
    @Qualifier("userService") UserDetailsService userDetailsService,
    PasswordEncoder passwordEncoder) throws Exception {

    authenticationProvider.setUserDetailsService(userDetailsService);
    authenticationProvider.setPasswordEncoder(passwordEncoder);
    auth.eraseCredentials(true)
      .authenticationProvider(authenticationProvider);
  }

AuthenticationProvider that is implemented independently. I've added a status column to the table to authenticate users who aren't ʻactive`.

AuthenticationProviderImpl.java


@Component
public class AuthenticationProviderImpl extends DaoAuthenticationProvider {
  @Override
  protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    super.additionalAuthenticationChecks(userDetails, authentication);
    User user = (User) userDetails;

    //Additional conditions
    if (!user.getStatus().equals("active")) {
      throw new AccountStatusNotActiveException("Status is not active");
    }
  }

  public static class AccountStatusNotActiveException extends AuthenticationException {
    public AccountStatusNotActiveException(String message) {
      super(message);
    }
  }

  @Override
  protected void doAfterPropertiesSet() {}
}

Other references

Recommended Posts

Add your own authentication items with Spring Security
Call your own method with PreAuthorize in Spring Security
Implemented authentication function with Spring Security ②
Implemented authentication function with Spring Security ③
Implemented authentication function with Spring Security ①
Authentication / authorization with Spring Security & Thymeleaf
DB authentication with Spring Security & hashing with BCrypt
Achieve BASIC authentication with Spring Boot + Spring Security
About Spring Security authentication
Create your own Utility with Thymeleaf with Spring Boot
[Introduction to Spring Boot] Authentication function with Spring Security
Login function with Spring Security
Add module with Spring Boot
Spring Security usage memo Authentication / authorization
Make your own sampler with JMeter
Spring Boot Tutorial Using Spring Security Authentication
Learn Spring Security authentication processing architecture
I get a 404 error when testing forms authentication with Spring Security
How to create your own Controller corresponding to / error with Spring Boot
Set Spring Security authentication result to JSON
My own Authentication Provider is called twice by spring security and authentication fails
Use Spring Security JSP tags with FreeMarker
How Spring Security works with Hello World
Hash passwords with Spring Boot + Spring Security (with salt, with stretching)
[Java] Article to add validation with Spring Boot 2.3.1.
Add packages to your project with Swift PM
Create Spring Cloud Config Server with security with Spring Boot 2.0
[Java] Sort ArrayList with elements of your own class
Execute arbitrary processing after Basic authentication with Spring boot.
Spring Boot with Spring Security Filter settings and addictive points
Call your own class created under lib with Rails
Handle passwords hashed with BCryptPasswordEncoder in Spring Security in Perl
Create a simple demo site with Spring Security with Spring Boot 2.1
Try to work with Keycloak using Spring Security SAML (Spring 5)
Create API key authentication for Web API in Spring Security
A new employee tried to create an authentication / authorization function from scratch with Spring Security