Announcement Announcement Module
Collapse
No announcement yet.
AuthenticationCredentialsNotFoundException: An Authentication object was not found in Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AuthenticationCredentialsNotFoundException: An Authentication object was not found in

    This error trigger in the class AbstractSecurityInterceptor in the following lines:

    Code:
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
                credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
                        "An Authentication object was not found in the SecurityContext"), object, attributes);
            }
    This is my file configuration of spring security
    Code:
    <?xml version="1.0" encoding="ISO-8859-1"?>
    
    <beans:beans 
    	xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:util="http://www.springframework.org/schema/util"
        xmlns:p="http://www.springframework.org/schema/p"  
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation=
        	"http://www.springframework.org/schema/beans 
        	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
    		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    	<debug/>
        <!-- <global-method-security pre-post-annotations="enabled" /> -->
    
        <beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    		<beans:property name="errorPage" value="/login.xhtml"/>
    	</beans:bean>
    	
    	<beans:bean id="roleHierarchy"	class="com.indra.contratos.application.security.RolApplicationService"/>
    	
    	<beans:bean id="rolApplicationService" class="com.indra.contratos.application.security.RolApplicationService" />
    	
    	<beans:bean id="roleHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
    		<beans:constructor-arg ref="roleHierarchy" />
    		<beans:property name="rolePrefix" value="" />
        </beans:bean>
    
    	<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
           <beans:constructor-arg>
               <beans:list>
                    <beans:ref bean="roleHierarchyVoter"/>
               </beans:list>
           </beans:constructor-arg>
        </beans:bean>
        
    	<!-- <beans:bean id="customLogoutSuccessHandler" class="com.indra.contratos.application.security.CustomLogoutSuccessHandler"/> -->
    
    	<beans:bean id="securityMetadataSource" class="com.indra.contratos.application.security.InterceptorApplicationService"/>
    	
    	<beans:bean id="filterSecurityInterceptor"
    	     class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    	  <beans:property name="authenticationManager" ref="authenticationManager"/>
    	  <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
    	  <beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
    	</beans:bean>
    	
        <http auto-config="false" 
        	authentication-manager-ref="authenticationManager"
        	access-decision-manager-ref="accessDecisionManager"
        	entry-point-ref="authenticationEntryPoint"
        	use-expressions="true"
        	>
            
            <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
            <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
            <!-- <custom-filter ref="customFilterChain" before="LAST"/> -->
            <!-- <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" /> -->
            <!-- <custom-filter position="FILTER_SECURITY_INTERCEPTOR" ref="filterSecurityInterceptor" /> -->
            <!-- <intercept-url pattern="/resources/**" filters="none"/>
            <intercept-url pattern="/javax.faces.resource/**" filters="none"/> -->
    		<!-- <intercept-url pattern="/login.xhtml" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/>
    		<intercept-url pattern="/l/**" access="hasPermission('IS_AUTHENTICATED_ANONYMOUSLY')"/> -->
    		<!-- <intercept-url pattern="/a1/**" access="hasPermission('SYS_ADMIN')"/> --> 
    		<access-denied-handler ref="accessDeniedHandler"/>
    		
            <!-- <form-login login-page="/pages/login.xhtml" authentication-failure-url="/pages/failed.xhtml" /> --> 
            
            <!-- <logout delete-cookies="true"  invalidate-session="true" 
                success-handler-ref="customLogoutSuccessHandler"/> -->
            
            <session-management session-authentication-strategy-ref="sas" >
                <!-- <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" session-registry-alias="sessionRegistry"/> -->
            </session-management> 
    
        </http>
        
        <beans:bean id="basicAuthenticationFilter"
    	  class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    	  <beans:property name="authenticationManager" ref="authenticationManager"/>
    	  <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    	</beans:bean>
        
        <beans:bean id="authenticationEntryPoint"  
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
            p:loginFormUrl="/login.xhtml" />
    
        <beans:bean id="myAuthFilter" 
            class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
      		<beans:property name="sessionAuthenticationStrategy" ref="sas" />
      		<beans:property name="authenticationManager" ref="authenticationManager" />
      		<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/> 
    	</beans:bean>
        
        <beans:bean id="concurrencyFilter"
    		class="org.springframework.security.web.session.ConcurrentSessionFilter">
    		<beans:property name="sessionRegistry" ref="sessionRegistry" />
    		<beans:property name="expiredUrl" value="/login.xhtml" />
    	</beans:bean>
    	
    	<beans:bean id="securityContextPersistenceFilter"
    	    class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
    	  <beans:property name='securityContextRepository'>
    	    <beans:bean class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
    	      <beans:property name='allowSessionCreation' value='false' />
    	    </beans:bean>
    	  </beans:property>
    	</beans:bean>
        
        <beans:bean id="sas" 
            class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    	  	<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
    	  	<beans:property name="maximumSessions" value="1" />
    	</beans:bean>
    	
    	<beans:bean id="sessionRegistry"
    	    class="org.springframework.security.core.session.SessionRegistryImpl" /> 
    
    	<beans:bean id="passwordEncoder" 
    	    class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
    	
    	<beans:bean id="authService" 
    	    class="com.indra.contratos.application.security.UserApplicationService" />
    	    
    	
        <authentication-manager alias="authenticationManager" >
            <authentication-provider user-service-ref="authService"> 
                <password-encoder ref="passwordEncoder" />
    			<!-- <jdbc-user-service data-source-ref="dataSource" />  -->
            </authentication-provider>
        </authentication-manager>
        
    	<beans:bean id="customFilterChain" class="org.springframework.security.web.FilterChainProxy">
    	  <beans:constructor-arg>
    	    <beans:list>
    	      <filter-chain pattern="/pages/accessDenied.xhtml" filters="none"/>
    	      <filter-chain pattern="/login.xhtml" filters="none"/>
    		  <filter-chain pattern="/l/" filters="none"/>
    		  <filter-chain pattern="/resources/**" filters="none"/>
    		  <filter-chain pattern="/javax.faces.resource/**" filters="none"/>
    	      <filter-chain pattern="/**" filters="
    	           filterSecurityInterceptor,
    	           securityContextPersistenceFilter,
    	           basicAuthenticationFilter,
    	           concurrencyFilter,
    	           myAuthFilter" />
    	    </beans:list>
    	  </beans:constructor-arg>
    	</beans:bean>
    	
    </beans:beans>

  • #2
    I'm guessing you are using customFilterChain which is has the incorrect ordering for your Filters. See the reference for the expected ordering.

    Comment


    • #3
      Originally posted by Rob Winch View Post
      I'm guessing you are using customFilterChain which is has the incorrect ordering for your Filters. See the reference for the expected ordering.
      Is neccesary implement all filters?

      Comment


      • #4
        No only the ones provided by <http>, but the ordering is critical.

        Comment


        • #5
          Originally posted by Rob Winch View Post
          No only the ones provided by <http>, but the ordering is critical.
          I have ordered my customFilterChain.

          Code:
          <beans:bean id="customFilterChain" class="org.springframework.security.web.FilterChainProxy">
          	  <beans:constructor-arg>
          	    <beans:list>
          	      <filter-chain pattern="/pages/accessDenied.xhtml" filters="none"/>
          	      <filter-chain pattern="/login.xhtml" filters="none"/>
          		  <filter-chain pattern="/l/" filters="none"/>
          		  <filter-chain pattern="/resources/**" filters="none"/>
          		  <filter-chain pattern="/javax.faces.resource/**" filters="none"/>
          	      <filter-chain pattern="/**" filters="
          	      	   securityContextPersistenceFilter,
          	      	   concurrencyFilter,
          	           myAuthFilter,
          	           basicAuthenticationFilter,
          	           exceptionTranslationFilter,
          	           filterSecurityInterceptor" />
          	    </beans:list>
          	  </beans:constructor-arg>
          	</beans:bean>
          And my <http> is these:

          Code:
          <http auto-config="false" 
              	entry-point-ref="authenticationEntryPoint">
                  
          </http>
          Before, the login page have redirected me to page with error and exceptions. Now, don't redirect me to anything page...But still It generates exceptions

          Code:
          DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Authentication exception occurred; redirecting to authentication entry point
           org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
          	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:339)
          	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:198)
          	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
          	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
          	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
          	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
          	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
          	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
          	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
          	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
          	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
          	at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
          	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
          	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
          	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
          	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
          	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
          	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
          	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
          	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
          	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
          	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
          	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
          	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
          	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
          	at java.lang.Thread.run(Unknown Source)

          Comment


          • #6
            Let's start at the beginning...

            Why are you trying to use customFilterChain instead of using <http>? Generally speaking this is discouraged as it will complicate your configuration quite a bit.

            Is there a reason you have <http> and customFilterChain?

            What does your web.xml look like? The reason I ask is with a default web.xml setup I do not see how you have integrated the customFilterChain with your application.

            PS Receiving stacktraces in Debug level when sending you to the login page is expected behavior
            Last edited by Rob Winch; Mar 19th, 2013, 10:33 AM.

            Comment


            • #7
              Originally posted by Rob Winch View Post
              Let's start at the beginning...

              Why are you trying to use customFilterChain instead of using <http>? Generally speaking this is discouraged as it will complicate your configuration quite a bit.

              Is there a reason you have <http> and customFilterChain?

              What does your web.xml look like? The reason I ask is with a default web.xml setup I do not see how you have integrated the customFilterChain with your application.
              I only wanted to use FilterSecurityInterceptor for load Interceptors dynamically from DB. I have guided from here

              Comment


              • #8
                See if this post on stackoverflow helps http://stackoverflow.com/questions/8...sing-sql-query

                Comment


                • #9
                  Originally posted by Rob Winch View Post
                  See if this post on stackoverflow helps http://stackoverflow.com/questions/8...sing-sql-query
                  I jus read the post but I don't understand where in the xml file of configuration I must invoke to BeanPostProcessor

                  PD: I have implemented my custom FilterInvocationSecurityMetadataSource

                  Comment


                  • #10
                    The answer creates a custom FilterInvocationSecurityMetadataSource (which you have already done). It uses the BeanPostProcessor so that you can stick with the namespace configuration. You should be able to use the same solution which will be much easier and more concise than deviating from the namespace configuration.

                    If you wish to stick down a manual configuration (I don't recommend this), then please answer my other questions.

                    Comment


                    • #11
                      Originally posted by Rob Winch View Post
                      The answer creates a custom FilterInvocationSecurityMetadataSource (which you have already done). It uses the BeanPostProcessor so that you can stick with the namespace configuration. You should be able to use the same solution which will be much easier and more concise than deviating from the namespace configuration.

                      If you wish to stick down a manual configuration (I don't recommend this), then please answer my other questions.
                      Trying to follow the example. My XML file configuration have changed: I've removed custom configuration filter and I've left as before

                      Code:
                      <http auto-config="false" 
                          	entry-point-ref="authenticationEntryPoint"
                      		access-decision-manager-ref="accessDecisionManager"
                          	>
                              
                              <custom-filter position="CONCURRENT_SESSION_FILTER" ref="..." />
                              <custom-filter position="FORM_LOGIN_FILTER" ref="..." /> 
                              
                              
                              <session-management session-authentication-strategy-ref="sas" />
                          </http>
                      Apparently my custom implemented FilterInvocationSecurityMetadataSource is recognized for Spring Security. But, now I get following errors:

                      Code:
                      DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /a1/; Attributes: [SYS_ADMIN]
                       DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faba4dc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: D1F82BD21D41D908E3F767CB105445BA; Granted Authorities: ROLE_ANONYMOUS
                       DEBUG org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl  - getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
                       DEBUG org.springframework.security.access.vote.AffirmativeBased  - Voter: [email protected]ec, returned: -1
                       DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Access is denied (user is anonymous); redirecting to authentication entry point
                       org.springframework.security.access.AccessDeniedException: Access is denied
                      	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
                      	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
                      	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
                      	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
                      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                      	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
                      	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
                      	at org.springframework.security.config.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:69)
                      	at org.springframework.security.config.debug.DebugFilter.doFilter(DebugFilter.java:58)
                      	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
                      	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
                      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
                      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
                      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
                      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
                      	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
                      	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
                      	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
                      	at java.lang.Thread.run(Unknown Source)
                      It should be noted that my app loads roles dynamycally from DB (Apparently there is a problem here)

                      It's is my configuration for loading the roles from DB:

                      Code:
                      <beans:bean id="roleHierarchy"	class="customRol"/>
                      	<beans:bean id="roleHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
                      		<beans:constructor-arg ref="roleHierarchy" />
                      		<beans:property name="rolePrefix" value="" />
                          </beans:bean>
                      
                      	<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
                             <beans:constructor-arg>
                                 <beans:list>
                                      <beans:ref bean="roleHierarchyVoter"/>
                                 </beans:list>
                             </beans:constructor-arg>
                          </beans:bean>
                      It's class customRol:

                      Code:
                      public class CustomRol extends RoleHierarchyImpl{
                      
                      	
                      	@PostConstruct
                      	public void init(){
                               //load Roles from db
                               //Set list roles loaded from DB
                               setHierarchy(listRolesHierarchy);
                              }
                      Which do you think is the problem?

                      Comment


                      • #12
                        The stacktrace stating that you are not authenticated is normal behavior if you have not yet authenticated. Try logging in.

                        Comment


                        • #13
                          Originally posted by Rob Winch View Post
                          The stacktrace stating that you are not authenticated is normal behavior if you have not yet authenticated. Try logging in.
                          Apparently I don't explain me fine. This error comes when you try to authenticate

                          Comment


                          • #14
                            Ahh...sorry for the misunderstanding. Based upon the logs it appears you are submitting to /a1/. Are you certain that is what your custom FORM_LOGIN_FILTER filter is listening to? Does your custom FORM_LOGIN_FILTER try to authenticate? I ask because typically the provided filter listens to /j_spring_security_check, so if your filter extends the default and is not configured to do so it will not try to authenticate.

                            If none of that helps, can you share the code for this?

                            Comment


                            • #15
                              Originally posted by Rob Winch View Post
                              Ahh...sorry for the misunderstanding. Based upon the logs it appears you are submitting to /a1/. Are you certain that is what your custom FORM_LOGIN_FILTER filter is listening to? Does your custom FORM_LOGIN_FILTER try to authenticate? I ask because typically the provided filter listens to /j_spring_security_check, so if your filter extends the default and is not configured to do so it will not try to authenticate.

                              If none of that helps, can you share the code for this?
                              Well., Explain more detailed my code. My webapp is implemented with JSF - (Spring - Spring Security) - Mybatis

                              First, There is a JSF class Login Controller with login method. This method is called for a jsf button and return a String that redirect to other page

                              Code:
                              public String login(){
                              		if(loginBusiness.login(username, password))
                              			return "success";
                              		else
                              			return "failed";
                              	}
                              In my class LoginBusinnessImpl (Implment interface LoginBusiness) has following:

                              Code:
                              @Resource(name = "authenticationManager")
                              	private AuthenticationManager authenticationManager;
                              
                              	public boolean login(String username, String password) {
                              
                              		try {
                              			Authentication authenticate = authenticationManager.authenticate(
                              					new UsernamePasswordAuthenticationToken(username, password));
                              			if (authenticate.isAuthenticated()) {
                              				SecurityContextHolder.getContext().setAuthentication(authenticate);	
                              				return true;
                              			}
                              		} catch (AuthenticationException e) {	
                              			
                              		}
                              		return false;
                              	}
                              I've configured my custom AuthentiucationManager so:

                              Code:
                              <authentication-manager alias="authenticationManager" >
                                      <authentication-provider user-service-ref="customService"> 
                                          <password-encoder ref="passwordEncoder" />
                              
                                      </authentication-provider>
                                  </authentication-manager>
                              customService referred to class that implements interface UserDetailsService. This class have a custom query for get users from database (This work fine).

                              I hope you can help me

                              Comment

                              Working...
                              X