I am attempting to configure Spring Security to perform Cookie Authentication for REST APIs as described in this example https://swagger.io/docs/specification/authentication/cookie-authentication/ and I have been able to achieve it with the below configuration:

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager)
            throws Exception {
        // Custom filter that authenticates the sign-in request
        CustomAuthenticationProcessingFilter customAuthenticationProcessingFilter =
                new CustomAuthenticationProcessingFilter();
        customAuthenticationProcessingFilter.setAuthenticationManager(authenticationManager);
        http
            .csrf().disable()
            .addFilterAt(
                customAuthenticationProcessingFilter,
                UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                // Matchers are evaluated in declaration order and the first match wins,
                // so the permitAll() rule must precede the catch-all rule.
                .antMatchers("/api/sign-up", "/api/sign-in").permitAll()
                .anyRequest().authenticated()
            .and().httpBasic().authenticationEntryPoint(new RestAuthenticationEntryPoint())
            .and().logout().logoutUrl("/api/sign-out");
        return http.build();
    }

Everything is working except that I am still getting a redirect on successful login to root or the last endpoint that required authentication.
Can someone share how to properly configure Cookie Authentication? I want to send credentials in JSON and receive a JSON response on success or error, and disable the redirection to the last attempted endpoint.

I had to configure the success handler on the CustomAuthenticationProcessingFilter filter, and not the loginForm. Configuring the custom filter resulted in the success handler for the loginform() not being called at all.

    customAuthenticationProcessingFilter.setAuthenticationSuccessHandler(customeAuthenticationSuccessHandler());
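
A JSON success and failure handler pair for the custom filter described in the answer above, as an added example that is not part of the original post. It assumes CustomAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter, Spring Security 5.x on javax.servlet, Java 9+ and Jackson on the classpath; the class name JsonAuthenticationHandlers and the response field names are hypothetical.

```java
import java.io.IOException;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.springframework.http.MediaType;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import com.fasterxml.jackson.databind.ObjectMapper;

// Hypothetical helper class: JSON responses for sign-in instead of redirects.
public final class JsonAuthenticationHandlers {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    private JsonAuthenticationHandlers() { }

    /** 200 with a JSON body, replacing the redirect to the saved request or "/". */
    public static AuthenticationSuccessHandler success() {
        return (request, response, authentication) ->
                write(response, HttpServletResponse.SC_OK,
                        Map.of("status", "ok", "user", authentication.getName()));
    }

    /** 401 with a generic JSON body; the exception message is not echoed to the client. */
    public static AuthenticationFailureHandler failure() {
        return (request, response, exception) ->
                write(response, HttpServletResponse.SC_UNAUTHORIZED,
                        Map.of("status", "error", "message", "Authentication failed"));
    }

    /** Attach both handlers to the custom filter (assumed to extend the abstract base). */
    public static void apply(AbstractAuthenticationProcessingFilter filter) {
        filter.setAuthenticationSuccessHandler(success());
        filter.setAuthenticationFailureHandler(failure());
    }

    private static void write(HttpServletResponse response, int status, Map<String, String> body)
            throws IOException {
        response.setStatus(status);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding("UTF-8");
        MAPPER.writeValue(response.getWriter(), body);
    }
}
```

AbstractAuthenticationProcessingFilter defaults to SavedRequestAwareAuthenticationSuccessHandler, which is what issues the redirect, so replacing the handler on the filter itself removes it. The configuration in the question disables CSRF protection while authenticating with a cookie that browsers attach automatically, so re-enabling it or setting SameSite on the session cookie is worth evaluating.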