1

Does Micronaut have an equivalent to the spring "formLogin" feature?

When creating a spring boot application, we can add a method (bean) to a @Configuration annotated class like

@Bean 
public SecurityFilterChain sfc(HttpSecurity s) { 
   return s.csrf()
     .disable()
     .authorizeRequests().antMatchers("/**").authenticated()
     .formLogin()
     .build(); 
}

And that is enough to have my app secured, and the password will be checked against the environment variables SPRING_SECURITY_USER_{NAME,PASSWORD}. This makes it very easy to add security to an application.

Was curious if the Micronaut project had a similar way to get up and running with a couple lines of code.

Edit: it also displays this form using bootstrap css: https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java

Dave Ankin
  • 1,060
  • 2
  • 9
  • 20

1 Answers1

1

All you got to do in Micronaut is to go through the steps described in the Micronaut Security Guide.

TL;DR

The Spring Boot feature you're mentioning is not available in Micronaut. But the following easy steps will provide to get there as close as possible.

Mainly that's following these steps:

  • Add these dependencies to your build.gradle
annotationProcessor("io.micronaut.security:micronaut-security-annotations")
implementation("io.micronaut.security:micronaut-security-jwt")
  • Then the security is enabled by default but you can adjust this by modifying your application.yml
micronaut:
   security:
      enabled: true # true is the default value

You can either secure your controller by using the @Secured annotation or define intercepted urls in your application.yml

micronaut:
  security:
    basic-auth:
      enabled: true # enabled basic authentication
    intercept-url-map:
      - pattern: /**
        access:
          - isAuthenticated()

Then you write a simple authentication provider that does the login verifcation.

import io.micronaut.context.annotation.Requires;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.authentication.AuthenticationProvider;
import io.micronaut.security.authentication.AuthenticationRequest;
import io.micronaut.security.authentication.AuthenticationResponse;
import jakarta.inject.Singleton;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;
@Singleton
public class AuthenticationProviderUserPassword implements AuthenticationProvider {

    @Override
    public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
        return Mono.<AuthenticationResponse>create(emitter -> {
            if (authenticationRequest.getIdentity().equals(System.getenv("YOUR-USER")) && authenticationRequest.getSecret().equals(System.getenv("YOUR-PWD"))) {
                emitter.success(AuthenticationResponse.success("user"));
            } else {
                emitter.error(AuthenticationResponse.exception());
            }
        });
    }
}

That does the job for a good start.

saw303
  • 8,051
  • 7
  • 50
  • 90
  • thanks for the reply, I did see this guide on the micronaut website, but I was mainly interested in the form part - ive edited my question to link to the html form generating code in spring – Dave Ankin Dec 18 '22 at 20:21
  • I updated my answer. The feature you're describing is not present in Micronaut – saw303 Dec 18 '22 at 20:30
  • ok cool, ive accepted the answer, didn't want to reinvent the wheel, but i guess i am making a brand new wheel now anyways :) – Dave Ankin Dec 18 '22 at 20:34