
ServerHttpSecurity can't set multiple authentication managers #5660

Closed
kyle-c9000 opened this issue Aug 13, 2018 · 1 comment · Fixed by #7048
Labels: in: config (An issue in spring-security-config), status: backported (An issue that has been backported to maintenance branches), type: bug (A general bug)

@kyle-c9000

Summary

The documentation seems to support allowing different authentication managers for different authentication specs (HttpBasicSpec and FormLoginSpec). However, those seem to always be overwritten when the .build() method is called:

HttpBasicSpec overwritten
FormLoginSpec overwritten

Actual Behavior

HttpBasicSpec and FormLoginSpec cannot use different AuthenticationManagers

Expected Behavior

HttpBasicSpec and FormLoginSpec should be able to use different AuthenticationManagers

Configuration

    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // ...
            .httpBasic()
                    .authenticationManager(authenticationManager1)
            .and()
            .formLogin()
                    .authenticationManager(authenticationManager2);
        return http.build();
    }

Version

spring-security 5.0.6.RELEASE

The problematic code referenced in the summary appears to still exist in the master branch.

Sample

N/A

@kyle-c9000 kyle-c9000 changed the title ServerHttpSecurity multiple authenticationManager ServerHttpSecurity can't set multiple authentication managers Aug 13, 2018
@rwinch rwinch modified the milestones: 5.1.0.RC1, 5.1.0.RC2 Aug 13, 2018
@rwinch rwinch self-assigned this Aug 13, 2018
@rwinch rwinch added type: bug A general bug Reactive labels Aug 13, 2018
@rwinch rwinch modified the milestones: 5.1.0.RC2, General Backlog Aug 21, 2018
@rwinch rwinch removed the Reactive label May 6, 2019
ttddyy added a commit to ttddyy/spring-security that referenced this issue Jun 28, 2019
Prior to this change, "HttpBasicSpec#authenticationManager" and
"FormLoginSpec#authenticationManager" were always overridden by
"ServerHttpSecurity#authenticationManager".

This commit makes sure override only happens when custom authentication
manager was not specified.

Fixes: spring-projectsgh-5660
rwinch pushed a commit that referenced this issue Jun 28, 2019
Prior to this change, "HttpBasicSpec#authenticationManager" and
"FormLoginSpec#authenticationManager" were always overridden by
"ServerHttpSecurity#authenticationManager".

This commit makes sure override only happens when custom authentication
manager was not specified.

Fixes: gh-5660
rwinch added a commit that referenced this issue Jun 28, 2019
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Jun 28, 2019
@rwinch rwinch modified the milestones: General Backlog, 5.2.0.RC1 Jun 28, 2019
@rwinch rwinch added the in: config An issue in spring-security-config label Jun 28, 2019
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
@srinivasmkoppal

What is authenticationManager1?
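
The overwrite reported in the issue and the fallback-only behaviour described in the fixing commit message, shown as an added example; it is not code from the issue or from Spring Security. It is a plain-Java model: `ChainBuilder`, `MechanismSpec`, `Manager` and all credentials are hypothetical stand-ins constructed for the demonstration.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.function.BiPredicate;

// Simplified model of the behaviour in this issue; NOT Spring Security source code.
// ChainBuilder, MechanismSpec and all credentials are hypothetical, constructed for the demo.
public class PerSpecManagerModel {
    /** Stand-in for an authentication manager: (username, password) -> accepted? */
    interface Manager extends BiPredicate<String, String> {}

    static Manager backedBy(Map<String, String> users) {
        return (user, pw) -> pw != null && pw.equals(users.get(user));
    }

    static class MechanismSpec { Manager manager; } // null unless the caller sets one

    static class ChainBuilder {
        final Manager shared;
        final MechanismSpec httpBasic = new MechanismSpec();
        final MechanismSpec formLogin = new MechanismSpec();
        ChainBuilder(Manager shared) { this.shared = shared; }
        // Reported behaviour: build() always overwrites the per-spec managers.
        void buildBeforeFix() {
            httpBasic.manager = shared;
            formLogin.manager = shared;
        }
        // Behaviour in the fixing commit message: fall back only when none was specified.
        void buildAfterFix() {
            if (httpBasic.manager == null) httpBasic.manager = shared;
            if (formLogin.manager == null) formLogin.manager = shared;
        }
    }

    /** Returns {basic accepts its own client, basic accepts a shared-store user, form accepts its own user}. */
    static boolean[] probe(boolean fixed) {
        ChainBuilder b = new ChainBuilder(backedBy(Map.of("shared-user", "s3")));
        b.httpBasic.manager = backedBy(Map.of("api-client", "k1"));
        b.formLogin.manager = backedBy(Map.of("alice", "pw"));
        if (fixed) b.buildAfterFix(); else b.buildBeforeFix();
        return new boolean[] {
            b.httpBasic.manager.test("api-client", "k1"),
            b.httpBasic.manager.test("shared-user", "s3"),
            b.formLogin.manager.test("alice", "pw")
        };
    }
    public static void main(String[] args) {
        System.out.println("before fix: " + Arrays.toString(probe(false)));
        System.out.println("after fix:  " + Arrays.toString(probe(true)));
    }
}
```

Run with `java PerSpecManagerModel.java` on Java 11 or later and compare the two printed rows to see which credential store each mechanism ends up consulting.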
