Announcement Announcement Module
Collapse
No announcement yet.
AuthenticationProcessingFilter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AuthenticationProcessingFilter

    Any smart guy can shed some light on how to wire a Custom AuthenticationProcessingFilter in the applicationContext-security-ns.xml for spring-security-2.0.0-RC1?

    I coded a Custom AuthenticationProcessingFilter, it is wired and tested ok for acegi-security-1.0.6. Now I am trying to upgrade acegi-security-1.0.6 to spring-security-2.0.0-RC1, but can't figure out the proper syntax of how to wire the custom AuthenticationProcessingFilter in the applicationContext-security-ns.xml.

    Thanks a lot.

  • #2
    Are you receiving any error or what....

    Can you please post your code and exception you are getting so that we can figure out the problem.

    Thanks

    Comment


    • #3
      No, I wasn't even know where to start at that time. Thanks to a private email Sunday night from Craig Walls, it looks should be done this way:

      http://spring.habuma.com/namespaces/...-security-2.0/

      <beans:bean class="MyCustomAuthenticationProcessingFilter">
      <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
      </beans:bean>

      (This assumes that you've declared the security namespace as the root
      namespace of the XML.)

      <custom-filter> takes 3 attributes, one of either after, before, or
      position. The after and before attributes let you inject a custom filter
      into the existing filter chain, while position allows you to replace one
      of the filters in the chain with a custom filter.

      However, however, the newest spring security jars I can find is still 2.0.0-RC1 which released on 04/01. This package only supports before and after two attributes in the <custom-filter>, not the position attribute. Guess I have to wait for the final jar files.

      Tried with the before attribute, got error msg like the below:

      Summary:
      org.springframework.beans.factory.BeanCreationExce ption: Error creating bean wi h name 'com.disney.fastpass.cms.domain.user.KeystoneAuthe nticationProcessingFil
      er#0': Cannot create inner bean '(inner bean)' of type [com.disney.fastpass.cms domain.user.KeystoneAuthenticationProcessingFilter] while setting constructor a gument; nested exception is org.springframework.beans.factory.BeanCreationExce p
      ion: Error creating bean with name '(inner bean)#7' defined in ServletContext r source [/WEB-INF/applicationContext-security-ns.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: defaultTargetUr must be specified

      Comment


      • #4
        spring-security-2.0.0 released and the <custom-filter position=XXX> attribute is no longer a syntex error. However the filter was not replaced, it is still the
        org.springframework.security.ui.webapp.Authenticat ionProcessingFilter!

        Any ideas?


        <authentication-manager alias="authenticationManager"/>

        <beans:bean id="myAuthenticationProcessingFilter" class="com.MyAuthenticationProcessingFilter">
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
        <beansroperty name="defaultTargetUrl" value="/"/>
        <beansroperty name="authenticationManager" ref="authenticationManager"/>
        </beans:bean>


        From the tomcat log:

        [2008-04-15 15:51:38,069] org.springframework.security.util.FilterChainProxy [DE

        BUG]: /index.jsp at position 4 of 12 in additional filter chain; firing Filter:

        'class org.springframework.security.ui.webapp.Authenticat ionProcessingFilter[ or

        der=800; ]'

        Comment


        • #5
          Same Problem.

          I have the same problem, even with the 2.0.0 release. My XML looks like this:
          Code:
          <http>
             <intercept-url pattern="/**" access="ROLE_USER"/>
             <form-login/>
             <anonymous/>
             <logout/>
          </http>
          
          <authentication-manager alias="authenticationManager"/>
          
          <beans:bean class="com.mycompany.security.ui.webapp.CustomAuthenticationProcessingFilter">
             <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
             <beans:property name="defaultTargetUrl" value="/"/>
             <beans:property name="authenticationManager" ref="authenticationManager"/>
          </beans:bean>
          No errors are generated on startup. Running through with the debugger reveals that it is still using the default AuthenticationProcessingFilter.

          Any ideas?

          Comment


          • #6
            Try it without the "form-login". Otherwise you have two beans competing for the same place in the stack. I guess we should add a check for that. You'll also have to set the entry-point-ref to an AuthenticationProcessingFilterEntryPoint bean.

            Comment


            • #7
              Hi, Luke:

              Glad you can shed some light on this.

              1. I tried your suggestion, the result is the same, no filter replacement. From the log, I can't see any attempt of replacement either. Are you suggesting that the filter was again replaced by the default org.springframework.security.ui.webapp.Authenticat ionProcessi
              ngFilter?


              [2008-04-16 17:08:16,712] org.springframework.security.util.FilterChainProxy [DE
              BUG]: Candidate is: '/spring_security_login'; pattern is /**; matched=true
              [2008-04-16 17:08:16,712] org.springframework.security.util.FilterChainProxy [DE
              BUG]: /spring_security_login at position 1 of 12 in additional filter chain; fir
              ing Filter: 'class org.springframework.security.context.HttpSessionCo ntextIntegr
              ationFilter[ order=200; ]'
              [2008-04-16 17:08:16,722] org.springframework.security.context.HttpSessionCo ntex
              tIntegrationFilter [DEBUG]: HttpSession returned null object for SPRING_SECURITY
              _CONTEXT
              [2008-04-16 17:08:16,722] org.springframework.security.context.HttpSessionCo ntex
              tIntegrationFilter [DEBUG]: New SecurityContext instance will be associated with
              SecurityContextHolder
              [2008-04-16 17:08:16,722] org.springframework.security.util.FilterChainProxy [DE
              BUG]: /spring_security_login at position 2 of 12 in additional filter chain; fir
              ing Filter: 'class org.springframework.security.ui.SessionFixationPro tectionFilt
              er[ order=300; ]'
              [2008-04-16 17:08:16,732] org.springframework.security.util.FilterChainProxy [DE
              BUG]: /spring_security_login at position 3 of 12 in additional filter chain; fir
              ing Filter: 'class org.springframework.security.ui.logout.LogoutFilte r[ order=40
              0; ]'
              [2008-04-16 17:08:16,732] org.springframework.security.util.FilterChainProxy [DE
              BUG]: /spring_security_login at position 4 of 12 in additional filter chain; fir
              ing Filter: 'class org.springframework.security.ui.webapp.Authenticat ionProcessi
              ngFilter[ order=800; ]'

              [2008-04-16 17:08:16,742] org.springframework.security.util.FilterChainProxy [DE
              BUG]: /spring_security_login at position 5 of 12 in additional filter chain; fir
              ing Filter: 'org.springframework.security.config.OrderedFilter BeanDefinitionDeco
              rator$OrderedFilterDecorator@181b3d4'

              2. the setting in applicationContext-ns.xml is:

              <http entry-point-ref="authenticationProcessingFilterEntryPoint">
              <intercept-url pattern="/*.do" access="ROLE_USER" />
              <intercept-url pattern="/*.jsp" access="ROLE_USER" />
              <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

              <anonymous />
              <logout />
              </http>

              <bean id="authenticationProcessingFilterEntryPoint"
              class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
              <!-- <property name="loginFormUrl" value="/login.jsp"/> -->
              <property name="loginFormUrl" value="/index.jsp"/>
              <property name="forceHttps">< value="false"/>
              </bean>

              <authentication-provider user-service-ref="userService"><password-encoder hash="md5" /></authentication-provider>


              <authentication-manager alias="authenticationManager"/>
              <beans:bean id="keystoneAuthenticationProcessingFilter" class="com.disney.fastpass.cms.domain.user.Keyston eAuthenticationProcessingFilter">
              <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
              <beansroperty name="defaultTargetUrl" value="/"/>
              <beansroperty name="authenticationManager" ref="authenticationManager"/>
              </beans:bean>

              Comment


              • #8
                I also tried <custom-filter after="AUTHENTICATION_PROCESSING_FILTER"/> and <custom-filter before="AUTHENTICATION_PROCESSING_FILTER"/>, don't see any change in the log.

                Comment


                • #9
                  The reference to the filter decorator, at position 5, is probably your filter. I think you must still have <form-login/> or auto-config='true' set in your config for that log, otherwise the default AuthenticationProcessingFilter should not be created.

                  Comment


                  • #10
                    Also from my tests, "before" does result in the filter coming before the AuthenticationProcessingFilter. Using "after" is no different from "position" as ti ends up after the AuthenticationProcessingFilter when they both have the same order value.

                    Comment


                    • #11
                      I managed to get custom AuthenticationProcessingFilter filter to work with following xml configuration:

                      Code:
                      <http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
                          <intercept-url pattern="/test.jsp" access="IS_AUTHENTICATED_REMEMBERED" />
                          <logout/>
                          <anonymous/>
                      </http>
                          
                      <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                          <beans:property name="loginFormUrl" value="/login.jsp"/>
                          <beans:property name="forceHttps" value="false" />
                      </beans:bean>
                          
                          
                      <authentication-manager alias='authenticationManagerAlias'/>
                          
                      <beans:bean id="myAuthenticationProcessingFilter" class="com.mycompany.myAuthenticationProcessingFilter">
                           <beans:property name="defaultTargetUrl" value="/"/>
                           <beans:property name="authenticationManager" ref="authenticationManagerAlias"/>
                           <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
                      </beans:bean>
                      Class com.mycompany.myAuthenticationProcessingFilter extends Spring Security AuthenticationProcessingFilter. I changed the attemptAuthentication method to include my custom user session creation (that is not connected in any way to Tomcat).

                      Comment

                      Working...
                      X