public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.
...
.formLogin(f -> f
.requiresAuthenticationMatcher(LOGIN_MATCHER)
.authenticationFailureHandler(this.statelessAuthenticationFailureHandler)
.authenticationSuccessHandler(this.statelessAuthenticationSuccessHandler)
.authenticationconverter(this.authenticationconverter) // config support
)
...
Current solution
private void configDynamicAuthenticationWebFilter(ServerHttpSecurity http) {
AuthenticationWebFilter webFilter = new AuthenticationWebFilter(this.dynamicAuthenticationManager);
webFilter.setRequiresAuthenticationMatcher(LOGIN_MATCHER);
webFilter.setAuthenticationFailureHandler(this.statelessAuthenticationFailureHandler);
webFilter.setAuthenticationSuccessHandler(this.statelessAuthenticationSuccessHandler);
webFilter.setSecurityContextRepository(this.serverSecurityContextRepository);
webFilter.setServerAuthenticationConverter(new DynamicAuthenticationConverter());
http.addFilterBefore(webFilter, SecurityWebFiltersOrder.FORM_LOGIN);
}
Comment From: rwinch
I don't think we will do this because the formLogin implies that it is a form which implies the way the authentication is converted is reading from a form (thus it wouldn't need changed). Can you provide a case where you are attempting to authenticate by posting a username/password and you would change the converter?
Comment From: lanmingle
@rwinch Thanks for your advice !
Comment From: sanyarnd
@rwinch it might be useful for cases, when you want to pass an additional data, like set of flags or fileds
Currently I have to work this out with
build.getWebFilters().collectList().subscribe(
webFilters -> {
for (WebFilter filter : webFilters) {
if (filter instanceof AuthenticationWebFilter) {
AuthenticationWebFilter awf = (AuthenticationWebFilter) filter;
awf.setServerAuthenticationConverter(new CustomServerFormLoginAuthenticationConverter());
}
}
}
);
which is not really nice