
  • PreAuthentication and login form

    Hi all,

    I am currently working on a JEE webapp using SS.

    Users are previously logged in on another app and should send a GET parameter containing a token to identify themselves on my app.

    Example: to authenticate, the user clicks on this kind of link: hxxp://myapp.domain/login?user_token=123456789

    Then, I use the token in my webapp to fetch user data from a Web service.

    I wrote a custom preauth filter (extending AbstractPreAuthenticatedProcessingFilter) which takes the user_token GET parameter, then I use a custom UserDetailsService to call the web service and get user data.

    Everything is working fine except... that SS displays the login box after authentication.

    I think it may be because I should deactivate some default filters like "DefaultLoginPageGeneratingFilter".

    Am I right? Do you have some better ideas to do that?

    Here are the contents of my log file:

    Code:
    No SecurityContext was available from the HttpSession: null. A new one will be created.
    /spring_security_login?user_ws_token=test at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
    /spring_security_login?user_ws_token=test at position 3 of 12 in additional filter chain; firing Filter: 'workflowRequestParamAuthenticationFilter'
    Checking secure context token: null
    preAuthenticatedPrincipal = test, trying to authenticate
    Authentication attempt using org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
    PreAuthenticated authentication request: org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken@ffc8aa79: Principal: test; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 172.17.4.2; SessionId: null; Not granted any authorities
    XXXXXXXXXXX LOADING USER BY TOKEN = 123456789
    Authentication success: org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken@89a8: Principal: xxx.model.user.User@151981a; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 172.17.4.2; SessionId: null; Granted Authorities: xxx.utils.security.workflowUserDetailsService$1@1500082
    /spring_security_login?user_ws_token=test at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
    /spring_security_login?user_ws_token=test at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
    HttpSession being created as SecurityContext is non-default
    Failed to create a session, as response has been committed. Unable to store SecurityContext.
    SecurityContextHolder now cleared, as request processing completed

    Here is my web.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    		xmlns="http://java.sun.com/xml/ns/javaee" 
    		xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    		xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    		version="2.5"
    		>
    
     <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        	/WEB-INF/applicationContext.xml
    	/WEB-INF/springSecurity.xml
    	</param-value>
      </context-param>
    
    
      <!-- Servlets -->
      <servlet>
        <servlet-name>greetServlet</servlet-name>
        <servlet-class>xxx.provider.server.GreetingMeServiceImpl</servlet-class>
      </servlet>
      
      <servlet-mapping>
        <servlet-name>greetServlet</servlet-name>
        <url-pattern>/test_google/greet</url-pattern>
      </servlet-mapping>
      
      <!-- Default page to serve -->
      <welcome-file-list>
        <welcome-file>Test_google.html</welcome-file>
      </welcome-file-list>
      
       <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <!-- <filter-name>filterChainProxy</filter-name> -->
        <url-pattern>/*</url-pattern>
      </filter-mapping>
        <listener>
            <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
        </listener>
        <listener>
        	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        
        
    </web-app>

    Here is my springSecurity.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
    	
    	<security:http auto-config='true'>
    		<security:intercept-url pattern="/**" access="ROLE_USER" />	
            <security:logout invalidate-session="true"/>
            <security:custom-filter position="PRE_AUTH_FILTER" ref="workflowFilter" />
    	</security:http>
    
    	<security:authentication-manager alias="authenticationManager">
    	      <security:authentication-provider ref="preauthAuthProvider" />
    	</security:authentication-manager>
    
    
    	<security:global-method-security pre-post-annotations="enabled" />
    	
    	
    
    </beans>

    And finally my applicationContext.xml:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:osgi="http://www.springframework.org/schema/osgi"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans 
    	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    	http://www.springframework.org/schema/context 
    	http://www.springframework.org/schema/context/spring-context-3.0.xsd
    	">
    	<!-- SS services -->
    	<bean id="userDetailsService" class="xxx.utils.security.workflowUserDetailsService"></bean>
    	
       <bean id="workflowFilter" class="xxx.utils.security.workflowRequestParamAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
      </bean>
    
      <bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService">
          <bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <property name="userDetailsService" ref="userDetailsService"/>
          </bean>
        </property>
       </bean>
    </beans>

    Thanks!
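
Added example, not part of the original post: a variant of the springSecurity.xml above with form login removed, so that the filter chain contains the pre-authentication filter but no UsernamePasswordAuthenticationFilter or DefaultLoginPageGeneratingFilter. The bean id `forbiddenEntryPoint` is a name chosen for this example; everything else reuses the bean names from the post.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: springSecurity.xml for a pre-authentication-only setup. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

  <!-- No auto-config attribute: auto-config="true" is shorthand for
       <form-login/>, <http-basic/> and <logout/>, and <form-login/> without a
       login-page attribute is what registers DefaultLoginPageGeneratingFilter.
       Without form login an entry point has to be named explicitly. -->
  <security:http entry-point-ref="forbiddenEntryPoint">
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:logout invalidate-session="true" />
    <security:custom-filter position="PRE_AUTH_FILTER" ref="workflowFilter" />
  </security:http>

  <!-- There is no login form to redirect to, so a request that reaches a
       protected URL without a valid token is answered with HTTP 403.
       "forbiddenEntryPoint" is a bean id chosen for this example. -->
  <bean id="forbiddenEntryPoint"
        class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="preauthAuthProvider" />
  </security:authentication-manager>

  <security:global-method-security pre-post-annotations="enabled" />
</beans>
```

The log in the post shows the request going to `/spring_security_login`, which is the URL the generated login page is served from; with this configuration Spring Security no longer answers that path, so the link carrying the token has to target a URL the application itself serves.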