CODEWITHSUNDEEP
javaspring-bootspring-security
Rose
Rose

Reputation: 151

Spring boot Basic Authentication in 2.7.5 version -latest version

I have implemented the Basic Authentication in higher version but I have few queries in implementation .Below is the syntax :

1 Query :I could see authorizeHttpRequests((authz) -> authz) and authorizeRequests() methods , Which is the best one to use in higher versions ? 2 Query :.httpBasic() and httpBasic(withDefaults()) :which method should be used for the implementation

3 Query :To encode the password which bean syntax is correct and what is the difference between two beans ? And which bean should be used .Can any one help me on the mentioned queries

@Bean
    public PasswordEncoder passwordEncoder()  {
        return new BCryptPasswordEncoder();


 @Bean
    public BCryptPasswordEncoder passwordEncoder()  {
        return new BCryptPasswordEncoder();

 @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        String username = username;
        String password = password;

        String encodedPassword = passwordEncoder().encode(password);
        System.out.println("encodedPassword" +encodedPassword);
        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.inMemoryAuthentication().withUser(username).password(encodedPassword).roles(role);

        AuthenticationManager authenticationManager = authenticationManagerBuilder.build();
        http.csrf().disable().authorizeHttpRequests((authz) -> authz
                .antMatchers("/service").hasRole(role).and()
                .authenticationManager(authenticationManager))
                .httpBasic();
        return http.build();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder()  {
        return new BCryptPasswordEncoder();


    }

Upvotes: 0

Views: 903

Answers (1)

Kaushal
Kaushal

Reputation: 69

  1. The authorizeHttpRequests uses the new simplified AuthorizationManager API and the AuthorizationFilter, while authorizeRequests uses the AccessDecisionManager and FilterSecurityInterceptor. The authorizeRequests will be deprecated in future version of Spring Security. Check the difference from here-

2.Both are Ok, Sometimes so we use throws Exception, BCryptPasswordEncoder throws a Null Pointer Exception (NPE) when passing in a null password

Upvotes: 1

Related Questions