Spring boot multiple authentication adapters

Hi All!

I have an issue with Spring Boot security. What I want is to have two different authentication for the same project at the same time in Spring Boot. The one is SSO (keycloak authentication) for all path except '/download/export/*' , the other one is Spring Boot basic authentication.
Here is my configuration file:

@Configuration @EnableWebSecurityp public class MultiHttpSecurityConfig { @Configuration @Order(1) public static class DownloadableExportFilesSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/download/export/test") .authorizeRequests() .anyRequest().hasRole("USER1") .and() .httpBasic(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("user").password("password1").roles("USER1"); } } @Configuration @ComponentScan(basePackageClasses = KeycloakSecurityComponents.class) public static class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(keycloakAuthenticationProvider()); } @Bean @Override protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); } @Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); http .regexMatcher("^(?!.*/download/export/test)") .authorizeRequests() .anyRequest().hasAnyRole("ADMIN", "SUPER_ADMIN") .and() .logout().logoutSuccessUrl("/bye"); } }


The problem with above code is the following:
If I request url '/download/export/test', than it asks me the username/password (Basic authentication). After successful login it asks me again for username/password (but this time keycloak authentication) , even if the requested url is excluded from SecurityConfig (Keycloak Adapter).

It gives me only a warning:

2016-06-20 16:31:28.771 WARN 6872 --- [nio-8087-exec-6] o.k.a.s.token.SpringSecurityTokenStore : Expected a KeycloakAuthenticationToken, but found org.springframework.security.authentication.UsernamePasswordAuthenticationToken@3fb541cc: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER1; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 4C1BD3EA1FD7F50477548DEC4B5B5162; Granted Authorities: ROLE_USER1

Do you have any ideas how to use keycloak and basic authentication together?

Many many thanks!
Carlo