Digest auth with Spring Security using javaconfig

Question

So I'm trying to create a digest authentication spring following the documentation trying to translate the xml "requirements" in Java requirements.

Let's say we have the xml like in the docs:

<bean id="digestFilter" class=
    "org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
  <property name="userDetailsService" ref="jdbcDaoImpl"/>
  <property name="authenticationEntryPoint" ref="digestEntryPoint"/>
  <property name="userCache" ref="userCache"/>
</bean>

<bean id="digestEntryPoint" class=
    "org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
  <property name="realmName" value="Contacts Realm via Digest Authentication"/>
  <property name="key" value="acegi"/>
  <property name="nonceValiditySeconds" value="10"/>
</bean>

This is my current javaconfig:

@Configuration
@Profile({"integration", "release"})
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{

  @Resource(authenticationType = Resource.AuthenticationType.CONTAINER, mappedName = "jdbc/db")
  private DataSource datasource;

  @Override
  protected void registerAuthentication (AuthenticationManagerBuilder auth) throws Exception
  {
    auth.jdbcAuthentication().dataSource(datasource)
        .usersByUsernameQuery("SELECT ID_USER, PASSWORD, ACTIVE FROM USERS WHERE ID_USER = ?;")
        .authoritiesByUsernameQuery("SELECT ID_USER, ID_ROLE FROM USER_ROLES WHERE ID_USER = ?");
  }

  @Bean
  public BasicAuthenticationEntryPoint entryPoint ()
  {

    BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName("Basic WF Realm");
    return basicAuthenticationEntryPoint;
  }

  @Bean
  public DigestAuthenticationEntryPoint digestEntryPoint ()
  {
    DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
    digestAuthenticationEntryPoint.setKey("mykey");
    digestAuthenticationEntryPoint.setRealmName("Digest WF Realm");
    return digestAuthenticationEntryPoint;
  }

  public DigestAuthenticationFilter digestAuthenticationFilter (
      DigestAuthenticationEntryPoint digestAuthenticationEntryPoint)
  {
    DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
    digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
//    digestAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
    return digestAuthenticationFilter;
  }

  @Override
  protected void configure (HttpSecurity http) throws Exception
  {
        // basic auth - it works!
        // http.exceptionHandling().authenticationEntryPoint(entryPoint()).and()
    http            
    .authorizeUrls().antMatchers("/firstres/*").permitAll()
        .antMatchers("/secondres/*").permitAll()
        .antMatchers("/resources/*").permitAll()
        .antMatchers("/**").hasAnyAuthority("first_role", "second_role").and()//.httpBasic();
    .addFilter(digestAuthenticationFilter(digestEntryPoint()));
  }

}

I just get a 403 - Access Denied. With httpBasic was working. Can you tell what I'm missing?

Answer 1

I'm not sure when you are getting the 403 Access Denied, but if it is happening when you request a protected resource before you have authenticated then you need this:

@Override
protected void configure (HttpSecurity http) throws Exception
{
  http
      .exceptionHandling()
          // this entry point handles when you request a protected page and
          // you are not yet authenticated
          .authenticationEntryPoint(digestEntryPoint())
          .and()
      .authorizeUrls()
          .antMatchers("/firstres/*").permitAll()
          .antMatchers("/secondres/*").permitAll()
          .antMatchers("/resources/*").permitAll()
          .antMatchers("/**").hasAnyAuthority("first_role", "second_role").and()
      // the entry point on digest filter is used for failed authentication attempts
      .addFilter(digestAuthenticationFilter(digestEntryPoint()));
}

@Override
@Bean
public UserDetailsService userDetailsServiceBean() {
    return super.userDetailsServiceBean();
}

public DigestAuthenticationFilter digestAuthenticationFilter (
    DigestAuthenticationEntryPoint digestAuthenticationEntryPoint)
{
  DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
  digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
  digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean());
  return digestAuthenticationFilter;
}