Announcement Announcement Module
Collapse
No announcement yet.
custom WebAuthenticationDetails; xml syntax for it to be used? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • custom WebAuthenticationDetails; xml syntax for it to be used?

    Greetings,

    Spring v3.0.3

    I have a java class extending WebAuthenticationDetails as so:
    public class VasmWebAuthenticationDetails extends WebAuthenticationDetails {...}

    It's the xml that's got me confused..

    My xml looks like so:

    Code:
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-3.0.xsd 
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<security:http access-decision-manager-ref="msdpAccessDecisionManager" create-session="never">
    		<security:http-basic/>
    		<security:intercept-url pattern="/services/rest/**" access="BROWSE_CENTRAL" method="GET" />
    		<security:intercept-url pattern="/services/rest/**" access="UPDATE_CENTRAL" method="POST" />
    		<security:intercept-url pattern="/services/rest/**" access="UPDATE_CENTRAL" method="PUT" />
    		<security:intercept-url pattern="/services/rest/**" access="DELETE_CENTRAL" method="DELETE" />
    		<security:intercept-url pattern="/services/ops/**" access="OPERATIONS_ADMIN" />
    	</security:http>
    
    	<security:authentication-manager>
    		<security:authentication-provider ref="vasmAuthenticationProvider"/>
    	</security:authentication-manager>
    
    </beans>

    Here
    "VasmAuthenticationProvider" implements AuthenticationProvider.

    Any help with regards to the necessary xml formatting would be most appreciated,

    With thanks,
    Mario

  • #2
    xml so far

    Here is my xml thus far. Note I am only trying to use a custom WebAuthenticationDetails in order to obtain the real IP.

    Code:
    <security:http access-decision-manager-ref="msdpAccessDecisionManager" create-session="never" 
    entry-point-ref="myBasicAuthFilterEntryPoint">
    		<security:http-basic/>
    		<security:intercept-url pattern="/services/rest/**"
     		<security:custom-filter position="FIRST" ref="myBasicAuthFilter" />
    	</security:http>
    
    	<security:authentication-manager>
    		<security:authentication-provider ref="vasmAuthenticationProvider"/>		
    	</security:authentication-manager>
    	
    
    	<bean id="myBasicAuthFilterEntryPoint"
                class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">  
            <property name="realmName" value="Spring Security Application" />
        </bean>
    	
    	<bean id="myManager" class="com.rp.central.security.VasmAuthenticationManager"/>														
    	
    	<bean id="myFilter" class="com.rp.central.security.VasmAuthenticationFilter"/>
    
        <bean id="myBasicAuthFilter"
            class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
            <property name="authenticationDetailsSource" ref="myFilter" />
            <property name="authenticationManager" ref="myManager" />
            <property name="authenticationEntryPoint" ref="myBasicAuthFilterEntryPoint" />
        </bean>
    The java code does get called:

    My Provider (this does the authentication):
    Code:
    @Service("vasmAuthenticationProvider") 
    public class VasmAuthenticationProvider implements AuthenticationProvider
    My Manager:
    Code:
    @Service("vasmAuthenticationManager") 
    public class VasmAuthenticationManager implements AuthenticationManager
    My WebAuthenticationDetailsSource:
    Code:
    public class VasmAuthenticationFilter extends WebAuthenticationDetailsSource
    My WebAuthenticationDetails:
    Code:
    My public class VasmWebAuthenticationDetails  extends WebAuthenticationDetails
    Anyhow they all get called, but this looks a bit over-the-top, I'm unsure why I need both a manager and a provider. The provider is used for authentication purposes.

    From its

    Code:
    @Override 
    public Authentication authenticate
    method, if I try to obtain My VasmWebAuthenticationDetails

    Code:
    @Override 
    	public Authentication authenticate(Authentication attempt) throws AuthenticationException {
    
    UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) attempt;
    
    VasmWebAuthenticationDetails details = (VasmWebAuthenticationDetails) auth.getDetails();
    it fails with

    org.springframework.security.web.authentication.We bAuthenticationDetails cannot be cast to com.rp.central.security.VasmWebAuthenticationDetai ls

    If I simply change the cast above to a

    WebAuthenticationDetails

    instead it works, but of course that's not what I want I want my details in order to keep the original HttpServletRequest request....

    Comment

    Working...
    X