Spring security with Oauth2 or Http-Basic authentication for the same resource

Question

I\'m attempting to implement an API with resources that are protected by either Oauth2 OR Http-Basic authentication.

When I load the WebSecurityConfigurerAdapter which a

Answer 1

Can't provide you with complete example, but here's a hints to dig:

Roughly, spring auth is just a combination of request filter that extract auth data from request (headers) and authentication manager that provides authentication object for that auth.

So to get basic and oauth at the same url, you need 2 filters installed in filter chain BasicAuthenticationFilter and OAuth2AuthenticationProcessingFilter.

I think the problem is that ConfiguringAdapters good for more simple confs as they tend to override each other. So as a first step try to move

.httpBasic();

call to ResourceServerConfiguration Note that you also need to provide 2 different auth managers: one for basic auth and one for oauth