Custom authentication provider problem

Hi everyone,

I had added a custom REST interface to my camunda Spring Boot app. And I wanted to secure that interface. So I searched a little bit around and came to the following solution:
First, you’ve got to configure the Security:

@Configuration
public class SecurityConfig
	extends
		WebSecurityConfigurerAdapter
{
	@Autowired
	private CamundaSecurityAuthenticationProvider provider;

	@Override
	protected void configure(HttpSecurity http)
		throws Exception
	{
		//@formatter:off
		http
			.csrf().disable()
			.authorizeRequests().anyRequest().authenticated()
			.and()
			.httpBasic();
		//@formatter:on
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth)
		throws Exception
	{
		auth.authenticationProvider(provider);
	}
}

And then, use your custom AuthenticationProvider:

@Component
public class CamundaSecurityAuthenticationProvider
	implements
		AuthenticationProvider
{
	@Autowired
	private IdentityService identityService;

	@Override
	public Authentication authenticate(Authentication authentication)
    		throws AuthenticationException
    	{
    		String name = authentication.getName();
    		String password = authentication.getCredentials().toString();
    		Authentication result;
    		boolean valid = identityService.checkPassword(name, password);
    		if (valid)
    		{
    			result = new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
    		}
    		else
    		{
    			result = null;
    		}
    		return result;
    	}

    	@Override
    	public boolean supports(Class<?> authentication)
    	{
    		boolean result = authentication.equals(UsernamePasswordAuthenticationToken.class);
    		return result;
    	}
    }

The custom REST interface is now secured as planned. But if a user wants to log in with a Browser, he/she has to fill out the login form of the browser and afterwards Camunda’s login form. I’ve read in the forum some hints about xml-configuration called “filter”. But I can’t find any web.xml file.

Has anybody an idea how I can get out of this double login?

Many Thanks in advance!

I found the solution. The trick is the configuration. This java class solves the problem:

public class SecurityConfig
	extends
		WebSecurityConfigurerAdapter
{
	@Autowired
	private CamundaSecurityAuthenticationProvider provider;

	@Override
	protected void configure(HttpSecurity http)
		throws Exception
	{
		//@formatter:off
		http
			.csrf().disable()
			.authorizeRequests().antMatchers("/custom-rest-1/**", "/custom-rest-2/**").authenticated()
			.and()
			.httpBasic();
		//@formatter:on
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth)
		throws Exception
	{
		auth.authenticationProvider(provider);
	}

}

Just configure antMatchers instead of anyRequest()