Announcement Announcement Module
Collapse
No announcement yet.
Custom security filter. Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom security filter.

    I have created my own Filter, Provider and Authentication manager. Now I am trying to hook them up in my program.

    My bean configuration file looks like
    Code:
    	<bean id="securityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    		<constructor-arg>
    			<list>
    				<security:filter-chain pattern="/**" filters="authFilter" />
    			</list>
    		</constructor-arg>
    	</bean>
    
    	<bean id="authFilter" class="com.secure.provider.OpenAuthenticationFilter">
    		<property name="authenticationManager" ref="authManager" />
    	</bean>
    	<bean id="authManager" class="com.secure.provider.OpenAuthenticationManager">
    		<constructor-arg>
    			<list>
    				<ref bean="xmlAuthProvider" />
    			</list>
    		</constructor-arg>
    	</bean>
    
    	<bean id="xmlAuthProvider" class="com.secure.provider.OpenXMLAuthenticationProvider">
    		<constructor-arg index="0">
    			<value>"classpath:configurations/UserConfig.xml"</value>
    		</constructor-arg>
    	</bean>
    In my web.xml

    Code:
    <filter>
    		<filter-name>securityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>securityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    		<dispatcher>REQUEST</dispatcher>
    		<dispatcher>FORWARD</dispatcher>
    	</filter-mapping>
    In my implementation for filter
    Code:
    public class OpenAuthenticationFilter extends
    		AbstractAuthenticationProcessingFilter {
    	private final static String USERNAME_KEY = "username";
    	private final static String PASSWORD_KEY = "password";
    
    	private final static String ACTION_URL = "/process_credentials";
    
    	private String usernameParameter = USERNAME_KEY;
    	private String passwordParameter = PASSWORD_KEY;
    
    	protected OpenAuthenticationFilter() {
    		super(ACTION_URL);
    	}
    
    	@Override
    	public Authentication attemptAuthentication(HttpServletRequest request,
    			HttpServletResponse response) throws AuthenticationException,
    			IOException, ServletException {
    
    		if (!request.getMethod().equals("POST")) {
    			throw new AuthenticationServiceException(
    					"Authentication method not supported: "
    							+ request.getMethod());
    		}
    
    		/**
    		 * Time to get the user name and password details in the token
    		 */
    		String username = (String) request.getAttribute(usernameParameter);
    		String password = (String) request.getAttribute(passwordParameter);
    
    		/**
    		 * Trimmed user name
    		 */
    		OpenAuthenticationToken authentication = new OpenAuthenticationToken(
    				username.trim(), password);
    
    		/**
    		 * More information about the object in details
    		 */
    		authentication.setDetails(request);
    
    		return this.getAuthenticationManager().authenticate(authentication);
    	}
    }
    I guess I am still missing something to complete the hooking from any login page that shall post to the /process_credentials URI.


    Totally lost, can someone help?
    - Saurabh

  • #2
    Handler - Request Mapping not found.

    What I confirmed by enabling debug is that the Handler was not found.

    DEBUG org.springframework.web.servlet.mvc.method.annotat ion.RequestMappingHandlerMapping - Did not find handler method for [/process_credentials]

    Comment


    • #3
      Got it!

      Found the solution, the debug was actually showing me what was missing and finally corrected the intercecpt URL defined for the filter chain and it now works!!

      Comment

      Working...
      X