Jmix version: 2.3.1-241
I have finished doing the custom security configuration for the api login.
There is no error is the intellij, and the api is working fine when tested with Postman. It’s just that the site is returning the error:
This site can’t be reached
The webpage at http://localhost:8080/login might be temporarily down or it may have moved permanently to a new web address.
all this happened after i did the custom configuration class. please give solution.
The code is as below:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import com.company.lawnetjmix.service.CustomUserDetailsService;
import io.jmix.core.security.SystemAuthenticationToken;
import java.util.Arrays;
import java.util.Collections;
@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/api/login", "/VAADIN/**").permitAll()
.anyRequest().authenticated())
.logout(logout -> logout
.logoutUrl("/api/logout")
.logoutSuccessUrl("/api/logout_success")
.permitAll())
.exceptionHandling(customizer -> customizer.authenticationEntryPoint(
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
.sessionManagement(session -> session
.maximumSessions(1) // limits one session per user
.expiredUrl("/login?expired"));
return http.build();
}
@Bean
@Primary
public AuthenticationManager authenticationManager(
AuthenticationConfiguration configuration) throws Exception {
return new ProviderManager(Arrays.asList(daoAuthenticationProvider(), systemAuthenticationProvider()));
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(customUserDetailsService);
return provider;
}
@Bean
public AuthenticationProvider systemAuthenticationProvider() {
return new AuthenticationProvider() {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (authentication instanceof SystemAuthenticationToken) {
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), null, Collections.emptyList());
}
return null;
}
@Override
public boolean supports(Class<?> authentication) {
return SystemAuthenticationToken.class.isAssignableFrom(authentication);
}
};
}
}```