Announcement Announcement Module
Collapse
No announcement yet.
Need to allow auto-login Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    You're adding a filter in your web.xml, it has an "authenticationManager" property because it extends one of our filters which has one. This isn't being initialized because it is instantiated by your servlet container.

    It also seems like you are configuring your SSO filter to handle forwards when it is actually the one that's doing the forwarding (and the main chain that should be applied). But I don't see why you need to do the forwarding anyway. Why can't you just extend AuthenticationProcessingFilter and override the the requiresAuthentication() method to check for the username/password parameters. You could use the same names for the standard login form too, then the method would wrk for both.

    Comment


    • #17
      Originally posted by Luke Taylor View Post
      Why can't you just extend AuthenticationProcessingFilter and override the the requiresAuthentication() method to check for the username/password parameters. You could use the same names for the standard login form too, then the method would wrk for both.
      You told me to extend AbstractPreAuthenticatedProcessingFilter and I did, so now I should extend AuthenticationProcessingFilter instead and what...?

      I am just really confused.

      all i need to do is:
      1. check to see if there is a username & password as a parameter or in Session
      2. login the user into my Spring Security with the username and password supplied
      3. bypass the Spring Security login form
      and I just need the fastest quickest way to get this done as I was suppose to deliver this last Friday.
      I don't care how hacked it is, I just need it to work for the short term.
      Last edited by mickknutson; Aug 12th, 2008, 01:22 PM.

      Comment


      • #18
        Originally posted by mickknutson View Post
        You told me to extend AbstractPreAuthenticatedProcessingFilter and I did, so now I should extend AuthenticationProcessingFilter instead and what...?
        I don't believe I did ...

        My point is that if you are forwarding the request to AuthenticationProcessingFilter anyway, then why not just use it to process the original request directly, which would be much simpler. It uses the requiresAuthentication() method to decide whether it should authenticate the user, so you can override that and check for your username/password information.

        Comment


        • #19
          I am trying to follow your advice and implement requiresAuthentication() but am having issues:

          http://forum.springframework.org/showthread.php?t=59108

          I really have to complete this by Wednesday as I have been pounding on this for weeks now. any and all help is greatly appreciated to help me complete this task.

          Comment


          • #20
            Using your config, I can't get the AbstractPreAuthenticatedProcessingFilter to load. My container is complaining about being unable to convert my subclassed SSO Filter to javax.servlet.Filter, for whatever reason. Below are my XML, SSOFilter and UserDetailsDao, and the exception being thrown. What am I doing wrong?

            applicationContext-security.xml

            Code:
                <authentication-manager alias="authenticationManager" />
            
                <authentication-provider user-service-ref='xyzUserDetailsService' />
            
                <beans:bean id="xyzUserDetailsService" class ="com.xyz.UserDetailsServiceDao" />
            
                <beans:bean id="singleSignOnFilter" class="com.xyz.SSOFilter">
                    <custom-filter position="PRE_AUTH_FILTER" />
                    <!-- <beans:property name="authenticationManager" ref="authenticationManager" /> -->
                </beans:bean>
            
                <beans:bean id="preauthAuthProvider"
                class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
                    <custom-authentication-provider />
                    <beans:property name="preAuthenticatedUserDetailsService">
                        <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
                            <beans:property name="userDetailsService" ref="xyzUserDetailsService"/>
                        </beans:bean>
                    </beans:property>
                </beans:bean>
            The User Details DAO:

            Code:
            public class UserDetailsServiceDao implements UserDetailsService {
                public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException
                {
                    System.out.println("Attempting to load user");
                    UserDetails user = new User("[email protected]", "no password", true, true, true, true, null);
                    return user;
                }
            }
            The SSO Filter:

            Code:
            public class SSOFilter
            {
                public class SingleSignOn extends AbstractPreAuthenticatedProcessingFilter
                {
                    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
                        // Eventually we'll pull auth out of a cookie. Grab it from params for now.
                        String userId = request.getParameter("username");
                        return (userId != null) ? userId : null;
                    }
            
                    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
                        return "N/A";
                    }
            
                    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
                        super.successfulAuthentication(request, response, authResult);
                    }
            
                    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
                        super.unsuccessfulAuthentication(request, response, failed);
                        try {
                            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
                        } catch (IOException ioe) {
                            ioe.printStackTrace();
                        }
                    }
            
                    public int getOrder() {
                        return FilterChainOrder.PRE_AUTH_FILTER;
                    }
                }
            }
            Exception:

            Code:
            2008-11-24 19:44:36,037 ERROR [org.springframework.web.context.ContextLoader] -
            <Context initialization failed>
            org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating
             bean with name 'singleSignOnFilter': Unsatisfied dependency expressed through c
            onstructor argument with index 1 of type [javax.servlet.Filter]: Could not conve
            rt constructor argument value of type [com.xyz.SSOFilter] to required type [java
            x.servlet.Filter]: Failed to convert value of type [com.xyz.SSOFilter] to requir
            ed type [javax.servlet.Filter]; nested exception is java.lang.IllegalArgumentExc
            eption: Cannot convert value of type [com.xyz.SSOFilter] to required type [javax
            .servlet.Filter]: no matching editors or conversion strategy found

            Comment


            • #21
              Your SSOFilter class isn't a Filter. That's why it's complaining.

              Comment

              Working...
              X