Basic authentication is good for our RESTful API, but we would rather have a login page carefully designed by our team to improve the web experience.
Spring Security allows us to define as many WebSecurityConfigurerAdapter classes as we need. We will split our SecurityConfiguration class into two parts:
- ApiSecurityConfiguration: This will be configured first. This will secure the RESTful endpoints with basic authentication.
- WebSecurityConfiguration: This will then configure the login form for the rest of our application.
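How the two adapters divide the requests between them, as an added sketch that is not the book's own code: the `/api/**` prefix, the `/login` path and the holder class name are assumptions, and the in-memory users are left out.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added illustration. The holder class only keeps both adapters in one file;
// "/api/**" and "/login" are assumed paths, not taken from the page.
@Configuration
public class SplitSecurityExample {

    // Consulted first because of @Order(1). The antMatcher limits this filter chain
    // to API requests; without it the chain would claim every request.
    @Configuration
    @Order(1)
    public static class ApiSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")
                .httpBasic()
                .and()
                .authorizeRequests()
                    .anyRequest().hasRole("USER");
        }
    }

    // No @Order: the adapter's default order (100) applies, so this chain handles
    // whatever the API chain did not match and sends the user to the login form.
    @Configuration
    public static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                .and()
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }
}
```

Each adapter needs a distinct order value; Spring Security refuses to start when two adapters share one.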
You can remove or rename SecurityConfiguration and create ApiSecurityConfiguration instead:
@Configuration
@Order(1)
public class ApiSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureAuth(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("user").roles("USER").and()
            .withUser("admin").password("admin").roles("USER...