
Use RequestHeaderRequestMatcher and antMatcher basic auth in the same configuration in Spring Security

I have this filter:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatchers(new RequestHeaderRequestMatcher("Caller", "Rem"));
        // add here a second filter condition for basic Auth
    }

Just after the header filter, I want to add another filter in the same configuration using the in-memory credentials below:

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .passwordEncoder(NoOpPasswordEncoder.getInstance())
            .withUser("myAccount").password("MyPassword").roles("USER");
    }

Thanks in advance.

    http.httpBasic().and()
        .authorizeRequests()
        // Requests to this path that carry "Caller: Rem" require ROLE_USER
        .requestMatchers(new AndRequestMatcher(
            new RequestHeaderRequestMatcher("Caller", "Rem"),
            new AntPathRequestMatcher("/hello/one")))
        .hasRole("USER")
        // Every other request is denied (rules are evaluated in order, first match wins)
        .anyRequest().denyAll();

Replace "/hello/one" with "/**" in your scenario.

Explanation:

  1. If the path in the request doesn't match "/hello/one", the server returns 403.
  2. If the path matches, it checks authentication; if that fails, 401 is returned, otherwise it goes to the next step.
  3. If the path matches and authentication is successful but the header doesn't contain "Caller" with value "Rem", 403 is returned.
  4. If the path matches, authentication is successful and the header has the required key-value, the endpoint is executed.
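
The four outcomes listed above can be pinned down with a MockMvc test. This is an added example, not part of the original answer. It assumes a Spring Boot application with spring-security-test on the test classpath, the rule set from the answer with denyAll() as the only catch-all rule, the in-memory user from the question and a GET handler at /hello/one; the class name and the path /hello/two are hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Assumed setup: the application context contains the security configuration
// above, the in-memory user myAccount/MyPassword, and a GET /hello/one handler.
@SpringBootTest
@AutoConfigureMockMvc
class HeaderAndBasicAuthTest { // hypothetical class name

    @Autowired
    private MockMvc mvc;

    @Test
    void missingOrWrongCredentialsGive401() throws Exception {
        mvc.perform(get("/hello/one").header("Caller", "Rem"))
           .andExpect(status().isUnauthorized());
        mvc.perform(get("/hello/one").header("Caller", "Rem")
                .with(httpBasic("myAccount", "wrong")))
           .andExpect(status().isUnauthorized());
    }

    @Test
    void authenticatedWithoutHeaderGives403() throws Exception {
        // A valid login alone must not be enough: the header rule has to hold too
        mvc.perform(get("/hello/one").with(httpBasic("myAccount", "MyPassword")))
           .andExpect(status().isForbidden());
    }

    @Test
    void authenticatedOnOtherPathGives403() throws Exception {
        // "/hello/two" is a constructed path that no rule allows
        mvc.perform(get("/hello/two").header("Caller", "Rem")
                .with(httpBasic("myAccount", "MyPassword")))
           .andExpect(status().isForbidden());
    }

    @Test
    void authenticatedWithHeaderReachesEndpoint() throws Exception {
        mvc.perform(get("/hello/one").header("Caller", "Rem")
                .with(httpBasic("myAccount", "MyPassword")))
           .andExpect(status().isOk());
    }
}
```

The 403 on the other path is asserted with valid credentials; without credentials the same request is answered by the basic-auth entry point with 401.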
