
  • Configuring Pre-Authentication in Spring Security 3.1.0

    Hi!

    I'm trying to configure pre-authentication in my webapp using Spring Security 3.1.0 but having some issues.

    I've been searching the internet and found a couple of examples, that nearly work, but something is missing.

    I want to authenticate with an LDAP provider in our Weblogic server using j_security_check, and then grant the roles within my app.

    It looks like the authentication is going fine, but then I face two problems:

    Once the authentication succeeds, I'm not getting redirected anywhere. Where should I specify that once authenticated, I should go to some URL?
    My AuthenticationUserDetailsService is never getting called.

    Here is my spring-security.xml

    Code:
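    <!--
      Spring Security configuration for container-managed (pre-authenticated) login.
      Spring Security checks no credentials here: preAuthFilter picks up the identity the servlet
      container has already established, and the provider below turns it into an Authentication.
      A request the container has not authenticated is answered with 403 by the entry point.
    -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    
    <!--
      use-expressions="true" turns every access attribute into a SpEL expression, so the role check
      must be written hasRole('ROLE_USER'); a bare role name is not a role check in SpEL and fails
      when the rule is evaluated. Rules are matched in order, so the permitAll rule for /login/**
      has to stay ahead of the catch-all.
      These rules only apply to requests that web.xml routes through springSecurityFilterChain.
    -->
    <http auto-config="false" use-expressions="true" entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
        <intercept-url pattern="/login/**" access="permitAll"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter"/>
    
    </http>
    
    <!--
      Application class that loads the user for a principal the container already authenticated.
      NOTE(review): the authorities this class returns are the ones the application enforces;
      confirm it derives them from the container roles or another trusted store, never from
      request data.
    -->
    <beans:bean id="inMemoryAuthenticationUserDetailsService"
               class="myapp.web.authentication.CustomAuthenticationUserDetailsService"/>
    
    <!-- Sends 403 instead of starting a login: the login form belongs to the container, not to Spring Security. -->
    <beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
                class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
    
    <!-- Accepts the pre-authenticated token from preAuthFilter and delegates user loading to the service above. -->
    <beans:bean id="preAuthenticatedAuthenticationProvider"
                class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <beans:property name="preAuthenticatedUserDetailsService" ref="inMemoryAuthenticationUserDetailsService"/>
    </beans:bean>
    
    <!-- Empty prefix: container role names are used as authority names unchanged (web.xml already names them ROLE_*). -->
    <beans:bean id="simpleAttributes2GrantedAuthoritiesMapper"
                class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
        <beans:property name="attributePrefix" value=""/>
    </beans:bean>
    
    <!-- Reads the candidate role names from the security-role entries of web.xml. -->
    <beans:bean id="webXmlMappableAttributesRetriever"
                class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"/>
    
    <!--
      Asks the container which of those roles the current user holds and stores the mapped
      authorities in the authentication details.
      NOTE(review): those authorities only take effect if the user details service reads them from
      the token's details; confirm the custom service does so or assigns its own.
    -->
    <beans:bean id="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"
                class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
        <beans:property name="mappableRolesRetriever" ref="webXmlMappableAttributesRetriever"/>
        <beans:property name="userRoles2GrantedAuthoritiesMapper" ref="simpleAttributes2GrantedAuthoritiesMapper"/>
    </beans:bean>
    
    <!--
      Takes the principal from the servlet request (the container's user principal). When the
      container reports no principal for a request, nothing is authenticated and the user details
      service is not called for that request.
    -->
    <beans:bean id="preAuthFilter"
                class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
        <beans:property name="authenticationManager" ref="appControlAuthenticationManager"/>
        <beans:property name="authenticationDetailsSource"
                        ref="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"/>
    </beans:bean>
    
    <!-- The only provider is the pre-authenticated one; no password-checking provider is registered. -->
    <authentication-manager alias="appControlAuthenticationManager">
        <authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
    </authentication-manager>
    
    </beans:beans>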
    my web.xml

    Code:
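    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <!--
      Deployment descriptor: the container performs FORM login (j_security_check) for /jsp/*, and
      Spring Security is layered on top through springSecurityFilterChain.
    -->
    <display-name>Penelope11g</display-name>
    
    <welcome-file-list>
        <welcome-file>/jsp/index.jsp</welcome-file>
    </welcome-file-list>
    
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    
    <!--
      NOTE(review): *.html is covered neither by the /jsp/* filter mapping nor by the /jsp/*
      security-constraint below, so as listed neither the container nor Spring Security checks
      requests to the Spring MVC controllers. Confirm that this is intended.
    -->
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>*.html</url-pattern>
    </servlet-mapping>
    
    <!-- Both context files are loaded into the root application context by the listener below. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-servlet.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>
    
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener> 
    
    <!-- Delegates to the bean named after the filter, springSecurityFilterChain, in the root context. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
         org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter> 
    
    <!--
      NOTE(review): only /jsp/* passes through Spring Security. The intercept-url rules written for
      /login/** and /** in spring-security.xml are never consulted for any other path. The usual
      mapping is /*; if it is widened, the rules must also permit the static resources the login
      page loads (css, js), which the catch-all rule would otherwise deny.
    -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/jsp/*</url-pattern>
    </filter-mapping>
    
    <!--
      Container-enforced login for /jsp/*.
      NOTE(review): there is no user-data-constraint, so the container does not require HTTPS for
      the login form or the protected pages. If TLS is terminated at this server, a
      transport-guarantee of CONFIDENTIAL keeps credentials and the session cookie off plain HTTP.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Content</web-resource-name>
            <url-pattern>/jsp/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_USER</role-name>
        </auth-constraint>
    </security-constraint>
    
    <!-- FORM login handled by the container; the realm decides which provider (here LDAP) checks the password. -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>DEFAULT</realm-name>
        <form-login-config>
            <form-login-page>/login/login.jsp</form-login-page>
            <form-error-page>/login/errorLogin.jsp</form-error-page>
        </form-login-config>
    </login-config>
    
    <!--
      Role names the application knows about. ROLE_ADMIN is declared but no constraint in this
      file refers to it.
    -->
    <security-role>
        <role-name>ROLE_USER</role-name>
    </security-role>
    <security-role>
        <role-name>ROLE_ADMIN</role-name>
    </security-role>
    
    </web-app>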
    and my login.jsp

    Code:
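    <!DOCTYPE HTML>
    <%@ page language="java" contentType="text/html;charset=ISO-8859-1"%>
    <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
    <%--
      Container FORM-login page. The container shows it in place of whatever protected URL was
      requested, so links relative to this file's own location are unreliable; every URL below is
      built from the context path instead. "request" is not an EL implicit object, so the context
      path has to be read through pageContext.
    --%>
    <c:set var="path" value="${pageContext.request.contextPath}" scope="request"/>
    <html>
        <head>
        <title>Penelope: Login</title>
        <link type="text/css" href="${path}/css/default/easyui.css" rel="stylesheet" />
        <link type="text/css" href="${path}/css/icon.css" rel="stylesheet" />
        <script type="text/javascript" src="${path}/js/jquery-1.7.2.min.js"></script>
        <script type="text/javascript" src="${path}/js/jquery.easyui.min.js"></script>
        <script>
        $(document).ready(function() {
            // Modal dialog whose single button submits the login form.
            $('#ventanaLogin').dialog({  
                modal:true,
                draggable:false,
                closable:false,
                height:250,
                width:300,
                buttons:[{
                    text:'Aceptar',
                    iconCls:'icon-ok',
                    handler:function(){
                        $("#loginForm").submit();
                    }
                }]
            }); 
    
            // The form has no submit button of its own, so Enter (key code 13) is wired up by hand.
            $("html").keydown(function(e){
                if(e.keyCode == '13')
                {
                    $("#loginForm").submit();
                }
            });
        });
        </script>
    </head>
    <body>
        <div id="ventanaLogin" title="Login">  
            <%--
              j_security_check, j_username and j_password are the names the servlet specification
              fixes for FORM login. The credentials are checked by the container, not by Spring
              Security, and this POST should only ever travel over HTTPS.
            --%>
            <form action="${path}/j_security_check" id="loginForm" method="post">
                <table style="margin:30px;">
                    <tr>
                        <td><label>Username</label></td>
                        <td><input type="text" id="usuario" name="j_username" tabindex="1"/></td>
                    </tr>
                    <tr>
                        <td><label>Password</label></td>
                        <td><input type="password" id="clave" name="j_password" tabindex="2"/></td>
                    </tr>
                </table>
            </form>
        </div>      
    </body>
    </html>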
    Hope that's info enough to get some help. Thanks!!

  • #2
    You can try adding an authenticationSuccessHandler property to "preAuthFilter".


    Code:
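    <!--
      Suggested variant of preAuthFilter with a success handler. The forum rendering had dropped
      characters from beans:property and inserted spaces into the class names; both are repaired.
      NOTE(review): confirm that the pre-authentication filter in the Spring Security version in
      use exposes an authenticationSuccessHandler property. If it does not, this bean definition
      is rejected when the context starts.
    -->
    <beans:bean id="preAuthFilter"
                class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
        <beans:property name="authenticationManager" ref="appControlAuthenticationManager"/>
        <beans:property name="authenticationDetailsSource"
                        ref="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"/>
    
        <beans:property name="authenticationSuccessHandler"
                        ref="successHandler" />
    
    </beans:bean>
    
    <!--
      Redirects to the request saved before login when there is one, otherwise to defaultTargetUrl.
      The target here is a fixed, application-relative path; keep it that way and avoid taking the
      redirect target from a request parameter unless it is validated.
    -->
    <beans:bean id="successHandler"
                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/welcome" />
    </beans:bean>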



    • #3
      Originally posted by carcaret View Post
      Once the authentication succeeds, I'm not getting redirected anywhere. Where should I specify that once authenticated, I should go to some URL?
      If you are performing pre-authentication, the hook cannot be associated with Spring Security, since it is not involved in the authentication process.

      Originally posted by carcaret View Post
      My AuthenticationUserDetailsService is never getting called.
      What do the debug logs look like? It only attempts to authenticate if the principal returned by getPreAuthenticatedPrincipal() is non null.
