ashok

Reputation: 1268

In Spring Security, how to do multiple authentication based on header

I have a Spring app that has been integrated with SAML authentication. But now I want to expose my APIs to other applications and third-party systems, for which I am using token-based authentication. So, how can I check, based on the header, which authentication mechanism to choose? If the headers include X-Apikey, then I need to apply header-based authentication, where the token must be checked using the result of a REST API call (authentication & authorization server). If the token does not have the X-Apikey header, then I need to perform SAML authentication. How can I achieve this with the already integrated SAML app?

Upvotes: 4

Views: 1594

Answers (2)

Houcem Berrayana

Reputation: 3080

What you are looking for is AuthenticationManagerResolver. You can customize at runtime which authentication logic to apply based on a context (typically an HttpRequest). See this example, and here is a dedicated presentation.

Upvotes: 1

ebv

Reputation: 402

  1. You can use a CustomFilter you add in the

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            ...
            // addFilterBefore(filter, position): the second argument is the class of a
            // filter Spring Security already knows, which the custom filter runs before
            // (org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter)
            .addFilterBefore(customBeforeAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
            ...
    }

More details here: https://www.marcobehler.com/guides/spring-security

  2. An alternative is adding an "AuthenticationManagerResolver" in your security filter; you can then check the headers and decide which authentication to use.

Here is a guide: https://www.baeldung.com/spring-security-authenticationmanagerresolver

Upvotes: 1
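The header-based selection both answers describe, as an added example that is not part of either answer or of the linked guides. It assumes Spring Security 5.2+ on javax.servlet; `HeaderAuthSelector`, `TokenVerifier` and the `"api-client"` principal are hypothetical names, and the remote check against the authorization server is left behind the `TokenVerifier` interface.

```java
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManagerResolver;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.AuthenticationFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
// Added example; class and interface names are hypothetical, not from the page.
public class HeaderAuthSelector implements AuthenticationManagerResolver<HttpServletRequest> {
    /** Hypothetical client for the remote authentication & authorization server. */
    public interface TokenVerifier {
        List<GrantedAuthority> verify(String token); // null means the token was rejected
    }

    static final String HEADER = "X-Apikey";
    private final AuthenticationManager saml;   // the manager the existing SAML setup uses
    private final AuthenticationManager apiKey;

    public HeaderAuthSelector(AuthenticationManager saml, TokenVerifier verifier) {
        this.saml = saml;
        this.apiKey = auth -> {
            String token = (String) auth.getCredentials();
            boolean empty = token == null || token.trim().isEmpty();
            List<GrantedAuthority> granted = empty ? null : verifier.verify(token);
            if (granted == null) {
                // Fail closed: a bad or empty key is rejected, never retried as a SAML login.
                throw new BadCredentialsException("Invalid API key");
            }
            return new PreAuthenticatedAuthenticationToken("api-client", token, granted);
        };
    }

    @Override
    public AuthenticationManager resolve(HttpServletRequest request) {
        // Presence of the header, even an empty one, selects the API-key path.
        // The filter below never reaches the SAML branch: its converter skips
        // header-less requests, which the existing SAML filters then handle.
        return request.getHeader(HEADER) != null ? apiKey : saml;
    }

    /** Filter to register with http.addFilterBefore(...). */
    public AuthenticationFilter toFilter() {
        AuthenticationFilter filter = new AuthenticationFilter(this, request -> {
            String token = request.getHeader(HEADER);
            return token == null ? null : new PreAuthenticatedAuthenticationToken("api-client", token);
        });
        filter.setSuccessHandler((request, response, authentication) -> { }); // no redirect
        return filter;
    }
}
```

With the filter's default failure handling, a request that carries `X-Apikey` but fails verification gets a 401 response instead of being redirected into the SAML login flow.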
