Announcement Announcement Module
Collapse
No announcement yet.
PreAuthentication URL Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Nvm Luke, you're too fast .

    No, I just added the logout tag to <http>-element and now it works. A bit stupid of me, my apologies .

    For the people who are in the same situation, just do a logout as you would normally do when logging in with a form.

    Btw, maybe you wonder why we put it in the session. Since you can log in with multiple profiles, you can't add it to a filter. Because between requests the headers are renewed and you don't know who tried to login from the beginning. If you only log in with one profile, you can use a filter, since you can add the user id hardcoded.

    Comment


    • #17
      Hi,

      sorry for posting to that old topic, but I'm in the same situation as robinbajaj. An external source (TIM/TAM) is authenticating the user and adds an "iv-user" to the header. In my case spring extracts the iv-user correctly from the header (if the header is missing there's an error message), but the ROLE ist not extracted from user-service. If I proceed to a page below "/pages/" I get a "HTTP ERROR: 403 Access Denied RequestURI=/myWebApp/pages/".
      What am I doing wrong. My securityApplicationContext is the same as robinbajaj's. Can you please help me?

      Thanks in advance,
      Sam

      Here's my security-ApplicationContext:
      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      
      <beans:beans xmlns="http://www.springframework.org/schema/security"
          xmlns:beans="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
      	
      	
      	
      	<global-method-security secured-annotations="enabled">
      	</global-method-security>
      
      	<http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
      		<intercept-url pattern="/pages/**" access="ROLE_SUPERVISOR" />
      	</http>
      	
      	
         <beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
                  class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/> 
                  
      	<beans:bean id="preAuthenticatedProcessingFilter"
      		class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
      		<custom-filter position="PRE_AUTH_FILTER" />
      		<beans:property name="principalRequestHeader" value="iv-user" />
      		<beans:property name="authenticationManager"  ref="authenticationManager" />
      	</beans:bean>
      	
      	<authentication-manager alias="authenticationManager" />
      	
      	<authentication-provider>
      		<user-service>
      			<user name="super" password="super" authorities="ROLE_SUPERVISOR" />
      		</user-service>
      	</authentication-provider>   
      	
      </beans:beans>

      Comment

      Working...
      X