Announcement Announcement Module
Collapse
No announcement yet.
Big problems with adding/placing custom filter (Filter for forcing a password change) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Big problems with adding/placing custom filter (Filter for forcing a password change)

    How can I get a custom ForcePwdChangeFilter working?

    If I add the filter, no page is shown and even the redirection to login page does not work, I get status 200 in the browser. If I just remove the line with the <custom-filter> everything is fine.
    I already specified the check and redirection in a LoginSuccesHandler. But to hinder the user to go to a different page instead of changing his password I implemented this filter additionally:

    Code:
    public class ForcePwdChangeFilter extends GenericFilterBean {
    
    
            @Override
    	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
    			ServletException {
                Authentication auth  = SecurityContextHolder.getContext().getAuthentication();
               if(auth != null) {  
                   // Never called before login page loaded
                  /* logic for password expired check which throws a RuntimeException which should be handled by the SimpleMappingExceptionResolver */ 
                        throw new PasswordExpiredException("msg_pwd_expired"); 
                  }
    }
    Code:
    <http servlet-api-provision="true" use-expressions="true" auto-config="false">
        	<anonymous/> ...
            <custom-filter position="BASIC_AUTH_FILTER"  ref="forcePwdChangeFilter"/>    
    </http>
    <debug />
    Code:
    <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" p:defaultErrorView="error">
            <property name="exceptionMappings">
                <props><prop key=".PasswordExpiredException">pwdchange/</prop></props>
            </property>
        </bean>
    I already tried several before, after and position settings but without any success. My FilterChain (without ForcePwdChangeFilter) looks like:
    ChannelProcessingFilter
    ConcurrentSessionFilter
    SecurityContextPersistenceFilter
    LogoutFilter
    UsernamePasswordAuthenticationFilter
    RequestCacheAwareFilter
    SecurityContextHolderAwareRequestFilter
    AnonymousAuthenticationFilter
    SessionManagementFilter
    ExceptionTranslationFilter
    FilterSecurityInterceptor
    Can someone explain the behaviour? What do I need to do to make this work (with the exception being resolved by the SimpleMappingExceptionResolver)?
    Last edited by Ninca7; Sep 10th, 2012, 01:16 PM.
Working...
X