Using another authentication for Spring Boot API for some endpoints

Hello,
We have a React web app that is independent of our Spring Boot API app. We configured our Spring Boot app as a resource server, and we have succeeded in authenticating to OKTA using the OAuth 2 PKCE authorization flow from the React SPA.

Some endpoints are accessible from React SPA with OKTA PKCE flow authentication.
We also have some other endpoints that we want to protect with a custom authentication system (login/password managed by ourselves).
We do not know how to configure a double authentication system in Spring and how to select the right authentication system depending on the URL.
In fact, if we call localhost:8080/endpoint we want to use OKTA authentication and
if we call localhost:8080/somethingElse we want to use our own authentication system.
Here is what we are trying to do:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/end-point/**")
        .authenticated()
        .anyRequest().permitAll().and().oauth2ResourceServer().jwt();

    http
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and().addFilter(initAuthenticationFilter())
        .antMatcher("/somethingElse/**")
        .authorizeRequests().anyRequest().authenticated();

    http.csrf().disable();
    http.cors();

    Okta.configureResourceServer401ResponseBody(http);
}

Many thanks for your help

Here’s the solution we found together with the Stack Overflow members; check it out here: okta - Use several spring security configuration and apply them according to the calling url - Stack Overflow
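
A single `HttpSecurity` builds one filter chain, so a per-URL split in the `WebSecurityConfigurerAdapter` style used in the question needs one adapter per authentication scheme, ordered with `@Order` and with the first one scoped by `antMatcher`. The sketch below is an added example, not the code from the linked Stack Overflow answer: HTTP Basic against an in-memory user stands in for the custom login/password filter, and the class names, `local-user` and the `LOCAL_USER_BCRYPT` environment variable are assumptions.

```java
import com.okta.spring.boot.oauth.Okta;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@EnableWebSecurity
public class MultiAuthSecurityConfig {
    // Assumption: stand-in user store. The env var holds a bcrypt hash; if unset, login fails closed.
    @Bean
    UserDetailsService localUsers() {
        return new InMemoryUserDetailsManager(User.withUsername("local-user")
            .password("{bcrypt}" + System.getenv("LOCAL_USER_BCRYPT")).roles("USER").build());
    }

    // Checked first: only /somethingElse/** enters this chain (login/password, no bearer token).
    @Configuration
    @Order(1)
    public static class LocalLoginConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/somethingElse/**")
                .csrf().disable().cors().and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().anyRequest().authenticated().and()
                .httpBasic();
        }
    }

    // Checked second: catch-all chain, so every other URL needs a valid Okta-issued JWT.
    @Configuration
    @Order(2)
    public static class OktaJwtConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable().cors().and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().anyRequest().authenticated().and()
                .oauth2ResourceServer().jwt();
            Okta.configureResourceServer401ResponseBody(http);
        }
    }
}
```

Because the second chain has no `antMatcher`, it catches every request the first chain does not claim, so no path is left without an authentication rule.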
