
  • How to replace form-login

    Using Spring Security 2.0.3.

    I have written a custom AuthenticationProcessingFilter and AuthenticationProvider and want to plug this in to replace the form-login.

    Code:
        <bean id="combinedAuthenticationProcessingFilter"
              class="web.security.CombinedAuthenticationProcessingFilter">
            <property name="authenticationManager" ref="authenticationManager"/>
            <property name="authenticationFailureUrl" value="/login.html?error=true"/>
            <property name="defaultTargetUrl" value="/"/>
            <property name="filterProcessesUrl" value="/j_security_check"/>
            <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
        </bean>
    
        <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint">
            </property>
            <property name="accessDeniedHandler">
                <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                    <property name="errorPage" value="/error.html"/>
                </bean>
            </property>
            <security:custom-filter position="EXCEPTION_TRANSLATION_FILTER"/>
        </bean>
        
        <bean id="authenticationProcessingFilterEntryPoint"
              class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <property name="loginFormUrl" value="/j_security_check"/>
            <property name="forceHttps" value="false"/>
        </bean>
    
        <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref local="combinedAuthenticationProvider"/>
                    <ref local="anonymousAuthenticationProvider"/>
                </list>
            </property>
        </bean>
    
        <bean id="combinedAuthenticationProvider" class="web.security.CombinedAuthenticationProvider">
            <property name="accountLookupService" ref="accountLookupService"/>
            <property name="passwordEncoder" ref="passwordEncoder"/>
            <security:custom-authentication-provider/>
        </bean>
    
        <bean id="anonymousAuthenticationProvider"
              class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
            <property name="key" value="anonymous"/>
        </bean>
    The problem is that AuthenticationProcessingFilterEntryPoint is not recognized, and I get this error:

    Code:
    org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established.
     Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the custom-entry-point-ref attribute
    Where do I put the custom-entry-point-ref attribute?

    My objective is to replace the form-login with my own bean configuration.

    TIA,

    Richard

  • #2
    Originally posted by brewsterr:
    My objective is to replace the form-login with my own bean configuration.
    Normally, this should do it:
    Code:
      <http>
        <intercept-url pattern="/noaccess.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
    
        <form-login login-page="/login.jsp" login-processing-url="/login_security_check" always-use-default-target="false"
          authentication-failure-url="/noaccess.jsp" />
    
        <anonymous />
        <logout />
    
      </http>
    where login.jsp shows a custom form. In that form the action is 'login_security_check'


    • #3
      There's now a section in the manual which explains this:

      http://static.springframework.org/sp...ntry-point-ref

      Note that replacing the ExceptionTranslationFilter created by the namespace isn't supported.
      Last edited by Luke Taylor; Jul 16th, 2008, 12:47 PM. Reason: typo


      • #4
        Thanks for the replies. I removed form-login and the ExceptionTranslationFilter and added the entry-point-ref to reference my AuthenticationProcessingFilterEntryPoint.

        But my custom combinedAuthenticationProcessingFilter never gets into the filter chain. The default AuthenticationProcessingFilter, order = 700, is used instead. Here is the filter chain debug log:

        Code:
        DEBUG [btpool0-1] FilterChainProxy.getFilters(201) | Candidate is: '/j_security_check'; pattern is /**; matched=true
        DEBUG [btpool0-1] FilterChainProxy.doFilter(366) | /j_security_check at position 1 of 8 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
        DEBUG [btpool0-1] HttpSessionContextIntegrationFilter.readSecurityContextFromSession(286) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
        DEBUG [btpool0-1] HttpSessionContextIntegrationFilter.doFilterHttp(209) | New SecurityContext instance will be associated with SecurityContextHolder
        DEBUG [btpool0-1] FilterChainProxy.doFilter(366) | /j_security_check at position 2 of 8 in additional filter chain; firing Filter: 'org.springframework.security.ui.logout.LogoutFilter[ order=300; ]'
        DEBUG [btpool0-1] FilterChainProxy.doFilter(366) | /j_security_check at position 3 of 8 in additional filter chain; firing Filter: 'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[ order=700; ]'
        How do I replace the filter with my own?

        Thanks,

        Richard


        • #5
          If two filters are included at the same position then you will get an error on startup. Please attach the log (a decent sized portion of it) and your application context configuration because it is impossible to say what is happening without them. Use an attachment rather than pasting them into forum posts.


          • #6
            I fixed the authenticationProcessingFilterEntryPoint and now my filter is activated.

            Code:
            <property name="loginFormUrl" value="/j_security_check"/>
            should have been
            Code:
            <property name="loginFormUrl" value="/login.html"/>
            That was the last piece of the puzzle. I appreciate your help.

            Richard


            • #7
              Richard, can you paste what worked for you, specifically how you connect the filters? I am facing a similar problem. Thanks.
              Last edited by J Ball; Jul 16th, 2008, 06:23 PM.


              • #8
                Look here:
                http://forum.springframework.org/showthread.php?t=56167


                • #9
                  See attached zip file with the security.xml that works. Notice that I did not use any of the namespace configurations, but used only Spring beans. I could have used the <anonymous> element in <http>, but that would have saved only one bean and I wanted to make it explicit.

                  Richard


                  • #10
                    I followed your config file and based mine off yours. I actually got a login screen and no deployment errors, so thank you! Now, after I log in I get an error page saying "The requested resource (/<context root>/loginProcess) is not available."

                    In looking at your config file, I didn't see a loginProcess declaration and was wondering if you knew how it was configured. What replaces the "login-processing-url" from the default form-login? Below is how I had it working prior to replacing it.
                    <form-login login-page="/login.jsp"
                    login-processing-url="/loginProcess"
                    default-target-url="/index.jsp"
                    authentication-failure-url="/login.jsp?login_error=1" />


                    • #11
                      I presume that the login processing URL is the filterProcessesUrl on my custom AuthenticationProcessingFilter:

                      <property name="filterProcessesUrl" value="/j_security_check"/>

                      Someone else may know more about what <form-login login-processing-url="/path"> actually does.

                      Richard


                      • #12
                        I have no idea what form-login does, but when I replaced "j_security_check" with "processLogin" it got past my previous error. I'm not sure if this will cause a negative effect later.

                        Can someone help clear up what form-login is doing and how replacing it should be configured?


                        • #13
                          form-login creates an AuthenticationProcessingFilter. This is explained here:

                          http://static.springframework.org/sp...custom-filters

                          You need to understand how this and the other filters work if you are going to customize them. The property "filterProcessesUrl" aka "login-processing-url" defaults to "/j_spring_security_check" and is the URL that the login form should submit to and which the filter will intercept to handle the login request. Using "/j_security_check" is not a good idea as that is the default J2EE form login URL and some containers may choose to process it themselves without presenting it to the application.

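The pieces discussed in posts #3, #4, #6 and #13, put together as an added example (this is not the security.xml attached in post #9, which used plain beans only). It assumes the surrounding <beans> root declares the security namespace prefix as in the first post, that the accountLookupService and passwordEncoder beans exist as in that post, that the authentication manager is obtained through the namespace alias element, and that the form in /login.html submits to /j_spring_security_check.

```xml
<!-- Added example: namespace <http> with a custom entry point and a custom
     authentication filter in place of <form-login>. -->
<security:http entry-point-ref="authenticationProcessingFilterEntryPoint">
    <!-- The login page itself must be reachable before authentication. -->
    <security:intercept-url pattern="/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED"/>
    <security:anonymous/>
    <security:logout/>
    <!-- No <form-login>: it would register its own AuthenticationProcessingFilter
         at the same position as the custom filter below. -->
</security:http>

<!-- Assumption: expose the namespace-created ProviderManager under this alias. -->
<security:authentication-manager alias="authenticationManager"/>

<bean id="authenticationProcessingFilterEntryPoint"
      class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <!-- The page that renders the form, not the URL that processes it
         (the first post pointed this at /j_security_check). -->
    <property name="loginFormUrl" value="/login.html"/>
    <property name="forceHttps" value="false"/>
</bean>

<bean id="combinedAuthenticationProcessingFilter"
      class="web.security.CombinedAuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/login.html?error=true"/>
    <property name="defaultTargetUrl" value="/"/>
    <!-- The URL the form posts to and the filter intercepts. The framework default
         is used instead of /j_security_check, which some containers may handle
         themselves before the application sees the request. -->
    <property name="filterProcessesUrl" value="/j_spring_security_check"/>
    <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
</bean>

<bean id="combinedAuthenticationProvider" class="web.security.CombinedAuthenticationProvider">
    <property name="accountLookupService" ref="accountLookupService"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
    <!-- Registers this provider with the namespace-created authentication manager. -->
    <security:custom-authentication-provider/>
</bean>
```

With DEBUG logging enabled as in post #4, the FilterChainProxy line for the login URL should name web.security.CombinedAuthenticationProcessingFilter rather than the stock AuthenticationProcessingFilter.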