
  • Custom AuthenticationProcessingFilterEntryPoint

    Hi,
    I want to change the AuthenticationProcessingFilterEntryPoint to check whether a cookie exists. If the cookie exists, I want to send its information to the authentication manager. If the cookie doesn't exist, I want to show the form authentication.

    How can I do it?

    Thanks a lot.

  • #2
    I'm not sure what you're trying to do, but that just sounds like remember me authentication. This already exists, just check out the examples that ship with acegi. They demo using it.



    • #3
      Originally posted by karldmoore View Post
      I'm not sure what you're trying to do, but that just sounds like remember me authentication. This already exists, just check out the examples that ship with acegi. They demo using it.
      Now I am using form authentication. But I want to skip "form authentication" when my cookie exists, and use the info inside the cookie for the authentication process.

      Thanks a lot.

      Nietzsche.



      • #4
        All I can say is, see previous statement. Again, this sounds exactly like the remember me authentication. Have you had a look at the Acegi example? If not, this should show you how to do it. If you have and still have questions, what are the questions?



        • #5
          Pretty sure you would have to place RememberMeProcessingFilter before your form authentication filter for this to work. I assume this since you say you want the cookie to override any form authentication.

          It also seems you need the TokenBasedRememberMeServices and not the default NullRememberMeServices configured.

          The TokenBased definitely looks for a cookie and uses that for authentication unless the token is expired or simply doesn't exist (or if the user is not valid).

          This is under the providers.rememberme.* package.

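The checks post #5 attributes to token-based remember-me (cookie present, not expired, user still valid), together with the signature check that keeps a client from forging the cookie, as an added example; it is not code from this thread or from Acegi. It assumes an HMAC-SHA256-signed `username:expiry` token and a hypothetical `activeUsers` set standing in for the user lookup; all class and method names are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Collections;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration; all names here are hypothetical, not Acegi's. */
public class TokenCookieCheck {
    static byte[] sign(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Cookie value: base64url("username:expiryMillis:base64url(HMAC)"). */
    static String issue(byte[] key, String user, long expiryMillis) throws Exception {
        String data = user + ":" + expiryMillis;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String token = data + ":" + enc.encodeToString(sign(key, data));
        return enc.encodeToString(token.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the username, or null so the caller falls back to the login form. */
    static String validate(byte[] key, Set<String> activeUsers, String cookie, long now) {
        if (cookie == null) return null;                              // no cookie sent
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String[] p = new String(dec.decode(cookie), StandardCharsets.UTF_8).split(":");
            if (p.length != 3) return null;                           // malformed
            if (Long.parseLong(p[1]) < now) return null;              // expired
            byte[] expected = sign(key, p[0] + ":" + p[1]);
            if (!MessageDigest.isEqual(expected, dec.decode(p[2]))) return null; // forged
            return activeUsers.contains(p[0]) ? p[0] : null;          // user must still be valid
        } catch (Exception e) {
            return null;                                              // bad base64 or number
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        Set<String> users = Collections.singleton("alice");           // constructed sample user
        long now = System.currentTimeMillis();
        String good = issue(key, "alice", now + 60_000);
        System.out.println(validate(key, users, good, now));           // freshly issued token
        System.out.println(validate(key, users, good, now + 120_000)); // same token after expiry
        System.out.println(validate(key, users, good + "A", now));     // tampered cookie value
    }
}
```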


          • #6
            Originally posted by kellewic View Post
            Pretty sure you would have to place RememberMeProcessingFilter before your form authentication filter for this to work. I assume this since you say you want the cookie to override any form authentication.

            It also seems you need the TokenBasedRememberMeServices and not the default NullRememberMeServices configured.

            The TokenBased definitely looks for a cookie and uses that for authentication unless the token is expired or simply doesn't exist (or if the user is not valid).

            This is under the providers.rememberme.* package.
            I extend AuthenticationProcessingFilter and modify doFilter.

            If my custom cookie exists, I run:

            Code:
            onPreAuthentication(httpRequest, httpResponse);
            Create my custom token:

            Code:
            authRequest = new CustomAuthenticationToken(custominfo1, custominfo2);
            authRequest.setDetails(new WebAuthenticationDetails(httpRequest));
            Authenticate my token:

            Code:
            Authentication auth = this.getAuthenticationManager().authenticate(authRequest);
            Set context:

            Code:
            SecurityContextHolder.getContext().setAuthentication(auth);
            and
            Code:
            successfulAuthentication(httpRequest, httpResponse, auth);
            If I have an error, I use:

            Code:
            unsuccessfulAuthentication(((HttpServletRequest) request), ((HttpServletResponse) response), authenticationException);



            • #7
              Did you find an answer to this issue?

              Hi, Did you find an answer to this issue?

              Regards,

              David Castaneda



              • #8
                Originally posted by kellewic View Post
                Pretty sure you would have to place RememberMeProcessingFilter before your form authentication filter for this to work. I assume this since you say you want the cookie to override any form authentication.
                This isn't correct. The authentication processing filter is only triggered by the form login url, so the order doesn't matter. See the contacts sample, for example.

                RememberMeProcessingFilter *is* used for cookie-based authentication but Nietzsche seems to be searching for meaning elsewhere :-).



                • #9
                  Thanks a lot

                  Thanks a lot for this reply... Actually I made it work... without rememberme services, as it seems to be too much overhead. Maybe I'm wrong; right now I need to make it work, but I'll review it again later and let you know....

                  Regards...


                  David Castañeda



                  • #10
                    Originally posted by Luke View Post
                    RememberMeProcessingFilter *is* used for cookie-based authentication but Nietzsche seems to be searching for meaning elsewhere :-).
                    Glad I'm not alone on this one.



                    • #11
                      Originally posted by Luke View Post
                      This isn't correct. The authentication processing filter is only triggered by the form login url, so the order doesn't matter. See the contacts sample, for example.

                      RememberMeProcessingFilter *is* used for cookie-based authentication but Nietzsche seems to be searching for meaning elsewhere :-).
                      So if I have my site set up to automatically redirect to the login form (if there's no valid session) and this is placed before the RememberMe services, it will still work?

                      This redirection does not check for a cookie so I can't see how it would work. Granted, I'm not an expert in Acegi so I am more looking for verification than anything.

                      Thanks.



                      • #12
                        Originally posted by karldmoore View Post
                        Glad I'm not alone on this one.
                        I post my solution.

                        Code:
                        import java.io.IOException;

                        import javax.servlet.FilterChain;
                        import javax.servlet.ServletException;
                        import javax.servlet.ServletRequest;
                        import javax.servlet.ServletResponse;
                        import javax.servlet.http.Cookie;
                        import javax.servlet.http.HttpServletRequest;
                        import javax.servlet.http.HttpServletResponse;

                        import org.acegisecurity.Authentication;
                        import org.acegisecurity.AuthenticationException;
                        import org.acegisecurity.context.SecurityContextHolder;
                        import org.acegisecurity.ui.WebAuthenticationDetails;
                        import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
                        import org.apache.log4j.Logger;

                        public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
                            private Logger logger = Logger.getLogger(getClass());

                            public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
                                if (!(request instanceof HttpServletRequest)) {
                                    throw new ServletException("Can only process HttpServletRequest");
                                }

                                if (!(response instanceof HttpServletResponse)) {
                                    throw new ServletException("Can only process HttpServletResponse");
                                }
                                HttpServletRequest httpRequest = ((HttpServletRequest) request);
                                HttpServletResponse httpResponse = ((HttpServletResponse) response);

                                // getSession() creates a session if none exists, so the id check always passes.
                                if (httpRequest.getParameterMap().containsKey("myParamKey") &&
                                        httpRequest.getSession().getId() != null) {

                                    httpRequest.getSession().setAttribute("myParamKey", "myParamKey");
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("Request is to process authentication");
                                    }

                                    // getCookies() returns null when the request carries no cookies.
                                    Cookie[] cookies = httpRequest.getCookies();
                                    Cookie mycookie = null;
                                    if (cookies != null) {
                                        for (Cookie c : cookies) {
                                            // Request cookies carry no Max-Age, so getMaxAge() is -1 here.
                                            if (c.getName().equalsIgnoreCase("MyCustomCookie") &&
                                                    c.getMaxAge() < 0) {
                                                mycookie = c;
                                            }
                                        }
                                    }
                                    if (mycookie != null) {
                                        CustomAuthenticationToken authRequest = null;
                                        try {
                                            onPreAuthentication(httpRequest, httpResponse);
                                            authRequest = new CustomAuthenticationToken(httpRequest.getParameter("myParamKey"), httpRequest.getParameter("myParamKey"));
                                            // The cookie value is client-supplied; the AuthenticationProvider
                                            // that handles CustomAuthenticationToken has to verify it.
                                            authRequest.setInfo(mycookie.getValue());
                                            authRequest.setDetails(new WebAuthenticationDetails(httpRequest));
                                            setDetails(httpRequest, authRequest);
                                            Authentication auth = this.getAuthenticationManager().authenticate(authRequest);
                                            SecurityContextHolder.getContext().setAuthentication(auth);
                                            successfulAuthentication(httpRequest, httpResponse, auth);

                                        } catch (AuthenticationException authenticationException) {
                                            if (logger.isDebugEnabled()) {
                                                logger.debug("my message", authenticationException);
                                            }

                                            unsuccessfulAuthentication(httpRequest, httpResponse, authenticationException);
                                        }

                                        return;
                                    } else {
                                        // This object is constructed but never thrown, so the request
                                        // falls through to super.doFilter() below.
                                        new myParamKeyFault("Cookie not valid");
                                    }
                                }
                                super.doFilter(request, response, filterChain);
                            }
                        }
                        thanks a lot.
