Announcement Announcement Module
Collapse
No announcement yet.
PreAuthentication Filter asks for AuthenticationEntryPoint??? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • PreAuthentication Filter asks for AuthenticationEntryPoint???

    I am trying to use PreAuthFilter (for Siteminder) with Spring Security 3.0.

    Code:
     <http  use-expressions="true">
            <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/403.jsp" access="permitAll" />
            <!-- Allow non-secure access to static resources  -->
            <intercept-url pattern="/css/**" filters="none" />
            <intercept-url pattern="/images/**" filters="none" />
    
            <custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER"/>
    
    <!--        <form-login  /> -->
            <logout logout-success-url="/index.jsp"/>
        </http>
    
        <beans:bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
            <beans:property name="principalRequestHeader" value="SM_USER"/>
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="exceptionIfHeaderMissing" value="false"/>
        </beans:bean>
    
        <beans:bean id="AdminUserDetailsService" class="com.fw.security.auth.MyUserDetailsService">
        </beans:bean>
    
        <beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
            <beans:property name="preAuthenticatedUserDetailsService">
                <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                    <beans:property name="userDetailsService" ref="AdminUserDetailsService"/>
                </beans:bean>
            </beans:property>
        </beans:bean>
    
        <authentication-manager alias="authenticationManager">
          <authentication-provider ref="preauthAuthProvider" />
        </authentication-manager>
    Above configuration fails with

    Code:
    org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute 
    Offending resource: ServletContext resource [/WEB-INF/security-app-context.xml]

    1) How do I specify an AuthenticationEntryPoint???

    2) And is it really applicable for a PreAuthentication scenario???

  • #2
    For anyone interested one solution is to add the Http403ForbiddenEntryPoint in to do the job.

    Which would look something like this
    Code:
    <http  use-expressions="true" entry-point-ref="http403ForbiddenEntryPoint">
    ...
    <http>
    
     <beans:bean id="http403ForbiddenEntryPoint"
          class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

    Comment

    Working...
    X