How to remove Firefox basic authentication window in a Java, Angular, Waffle application?


I'm working on a Java / Angular application using Waffle authentication.

When I access it in the Chrome browser, it opens directly.

But when I access it in the Firefox browser, it opens a browser basic authentication window asking for a username and password.

How can I remove this authentication window from Firefox? The expected behavior is to open it directly, like Chrome.

Note: The issue only happens when I access the application installed on a remote server. When accessing it in the localhost dev environment, Firefox doesn't display the basic authentication window.

SecurityConfig.java

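import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.header.writers.StaticHeadersWriter;

import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private NegotiateSecurityFilter negotiateSecurityFilter;

    @Autowired
    private NegotiateSecurityFilterEntryPoint entryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                .csrf().disable()
                // Every request must be authenticated
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                // Unauthenticated requests are challenged through the Waffle entry point
                .httpBasic()
                .authenticationEntryPoint(entryPoint)
                .and()
                // The Waffle filter runs before Spring's Basic authentication filter
                .addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
                .headers()
                .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));

        http.cors();
    }

    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // No in-memory users are defined here
        auth.inMemoryAuthentication();
    }

}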

WaffleConfig.java

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import waffle.servlet.spi.BasicSecurityFilterProvider;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

@Configuration
public class WaffleConfig {

    @Bean
    public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
            WindowsAuthProviderImpl windowsAuthProvider) {
        return new NegotiateSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    public BasicSecurityFilterProvider basicSecurityFilterProvider(
            WindowsAuthProviderImpl windowsAuthProvider) {
        return new BasicSecurityFilterProvider(windowsAuthProvider);
    }

    // Both the Negotiate provider and the Basic provider are registered in the collection
    @Bean
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
            NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
            BasicSecurityFilterProvider basicSecurityFilterProvider) {
        SecurityFilterProvider[] securityFilterProviders =
                {negotiateSecurityFilterProvider, basicSecurityFilterProvider};
        return new SecurityFilterProviderCollection(securityFilterProviders);
    }

    @Bean
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
            SecurityFilterProviderCollection securityFilterProviderCollection) {
        NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint =
                new NegotiateSecurityFilterEntryPoint();
        negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilterEntryPoint;
    }

    @Bean
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter(
            SecurityFilterProviderCollection securityFilterProviderCollection) {
        NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilter;
    }

    // Disable servlet-container registration of the filter;
    // it is added to the Spring Security chain in SecurityConfig instead
    @Bean
    public FilterRegistrationBean waffleNegotiateSecurityFilterRegistration(
            NegotiateSecurityFilter waffleNegotiateSecurityFilter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(waffleNegotiateSecurityFilter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

}

I noticed one thing.

When accessing via Firefox, the following message is added to the logs:

FilterSecurityInterceptor - Failed to authorize filter invocation [GET /myapiurl] with attributes [authenticated]

When accessing via Chrome, the message is different:

FilterSecurityInterceptor - Authorized filter invocation [GET /myapiurl] with attributes [authenticated]

There are 0 answers