I have spun up a very basic spring boot app and implemented authentication. I can login to the page through spring boot’s login page.
My security config is
<code> return https.
authorizeHttpRequests(authorize -> authorize
.requestMatchers("/", "/public/**", "/error", "/webjars/**")
.permitAll()
.requestMatchers(HttpMethod.POST, "/contact")
.permitAll()
.requestMatchers("/loggedin/**").authenticated()
).
formLogin(form -> form
.loginPage("/login").permitAll()
.failureHandler(authenticationFailed)
.successHandler(authenticationSuccessful)
).
logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
.logoutSuccessUrl("/logged_out")
.logoutSuccessHandler(logoutComponent)
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
).
sessionManagement(session -> session
.invalidSessionUrl("/login")
.sessionFixation()
.migrateSession()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.maximumSessions(1)
.maxSessionsPreventsLogin(true)
.sessionRegistry(sessionRegistry())
.expiredUrl("/logout")
).
headers(headers -> headers
.httpStrictTransportSecurity(security -> security
.includeSubDomains(true)
.maxAgeInSeconds(60 * 60 * 28)
)
.xssProtection(Customizer.withDefaults())
).
build();
</code>
<code> return https.
authorizeHttpRequests(authorize -> authorize
.requestMatchers("/", "/public/**", "/error", "/webjars/**")
.permitAll()
.requestMatchers(HttpMethod.POST, "/contact")
.permitAll()
.requestMatchers("/loggedin/**").authenticated()
).
formLogin(form -> form
.loginPage("/login").permitAll()
.failureHandler(authenticationFailed)
.successHandler(authenticationSuccessful)
).
logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
.logoutSuccessUrl("/logged_out")
.logoutSuccessHandler(logoutComponent)
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
).
sessionManagement(session -> session
.invalidSessionUrl("/login")
.sessionFixation()
.migrateSession()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.maximumSessions(1)
.maxSessionsPreventsLogin(true)
.sessionRegistry(sessionRegistry())
.expiredUrl("/logout")
).
headers(headers -> headers
.httpStrictTransportSecurity(security -> security
.includeSubDomains(true)
.maxAgeInSeconds(60 * 60 * 28)
)
.xssProtection(Customizer.withDefaults())
).
build();
</code>
return https.
authorizeHttpRequests(authorize -> authorize
.requestMatchers("/", "/public/**", "/error", "/webjars/**")
.permitAll()
.requestMatchers(HttpMethod.POST, "/contact")
.permitAll()
.requestMatchers("/loggedin/**").authenticated()
).
formLogin(form -> form
.loginPage("/login").permitAll()
.failureHandler(authenticationFailed)
.successHandler(authenticationSuccessful)
).
logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
.logoutSuccessUrl("/logged_out")
.logoutSuccessHandler(logoutComponent)
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
).
sessionManagement(session -> session
.invalidSessionUrl("/login")
.sessionFixation()
.migrateSession()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.maximumSessions(1)
.maxSessionsPreventsLogin(true)
.sessionRegistry(sessionRegistry())
.expiredUrl("/logout")
).
headers(headers -> headers
.httpStrictTransportSecurity(security -> security
.includeSubDomains(true)
.maxAgeInSeconds(60 * 60 * 28)
)
.xssProtection(Customizer.withDefaults())
).
build();
And authentication doesn’t even use db but instead has just one user
<code>@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
if (name.equals("Test") && password.equals("Test")) {
return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
}
throw new BadCredentialsException("Failed login! Try again.");
}
</code>
<code>@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
if (name.equals("Test") && password.equals("Test")) {
return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
}
throw new BadCredentialsException("Failed login! Try again.");
}
</code>
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
if (name.equals("Test") && password.equals("Test")) {
return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
}
throw new BadCredentialsException("Failed login! Try again.");
}
Now I would like to create a desktop app to login to the spring server.
Sadly I can not find any resources on how to implement login request. I have made a simple window that has username and password fields, but I do not know what action to take when login is pressed in order to authenticate. Also should I disable some security setting in order to allow logging in from desktop app to work? Is there any resource