Announcement Announcement Module
Collapse
No announcement yet.
trying to create a custome AuthenticationProcessingFilter with no luck... Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • trying to create a custome AuthenticationProcessingFilter with no luck...

    I have spent all afternoon trying to figure out:
    http://hemalcshah.blogspot.com/2008/...in-spring.html

    I jsut can't get this to work.
    All I want to do it get my SingleSignOnProcessingFilter to process the login requests.

    Here is my security.xml:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <!--
      - Sample namespace-based configuration
      -
      - $Id: applicationContext-security.xml 3019 2008-05-01 17:51:48Z luke_t $
      -->
      <!--<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                   http://www.springframework.org/schema/security
                   http://www.springframework.org/schema/security/spring-security-2.0.xsd">-->
    
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:sec="http://www.springframework.org/schema/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                            http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                            http://www.springframework.org/schema/security
                            http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
    
        <sec:global-method-security secured-annotations="enabled">
            <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
            <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
            -->
        </sec:global-method-security>
    
    
        <http entry-point-ref="authenticationProcessingFilterEntryPoint" auto-config="false">
            <sec:intercept-url pattern="/login.jsp*" filters="none"/>
            <sec:intercept-url pattern="/login.html*" filters="none"/>
    
            <sec:intercept-url pattern="/view/admin/**" access="ROLE_ADMIN"/>
            <sec:intercept-url pattern="/index.*" access="ROLE_ADMIN"/>
            <sec:intercept-url pattern="/index.*" access="ROLE_CUSTOMER"/>
            <sec:intercept-url pattern="/services/**" access="ROLE_CUSTOMER"/>
    
            <logout logout-url="/j_spring_security_logout" invalidate-session="true"/>
        </http>
    
        <!--<http auto-config="true" access-denied-page="/view/error/403.jsp">
            <intercept-url pattern="/login.jsp*" filters="none"/>
            <intercept-url pattern="/login.html*" filters="none"/>
    
            <intercept-url pattern="/view/admin/**" access="ROLE_ADMIN"/>
            <intercept-url pattern="/index.*" access="ROLE_ADMIN"/>
            <intercept-url pattern="/index.*" access="ROLE_CUSTOMER"/>
            <intercept-url pattern="/services/**" access="ROLE_CUSTOMER"/>-->
    
    
        <!-- All of this is unnecessary if auto-config="true" -->
        <!--<form-login login-page="/login.html"
                        authentication-failure-url="/login.html?login_error=1"
                        default-target-url="/services/index.html" />-->
    
        <!--anonymous / -->
    
        <!--http-basic / -->
    
        <!--<logout logout-success-url="/index.html"/>-->
    
        <!--remember-me /-->
    
        <!--servlet-api-integration /-->
    
        <!--<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
    
         </http>-->
    
        <!--<beans:bean id="authenticationProcessingFilterEntryPoint"
            class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">-->
            <beans:bean id="authenticationProcessingFilterEntryPoint"
                class="com.servepath.security.SingleSignOnProcessingFilter">
                <sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
            <beans:property name="authenticationManager" ref="authenticationManager"/>
            <beans:property name="authenticationFailureUrl" value="/login.html?login_error=1"/>
            <beans:property name="exceptionMappings">
                <beans:props>
                    <beans:prop key="org.springframework.security.BadCredentialsException"> /error.html </beans:prop>
                    <beans:prop key="org.springframework.security.CredentialsExpiredException">
                        /getnewpassword.html </beans:prop>
                    <beans:prop key="org.springframework.security.LockedException"> /lockedoutpage.html </beans:prop>
                    <beans:prop key="org.springframework.security.DisabledException">
                        /unauthorizeduser.html </beans:prop>
                </beans:props>
            </beans:property>
            <beans:property name="defaultTargetUrl" value="/index.html"/>
            <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
        </beans:bean>
    
    
    
    
    
        <beans:bean id="jdbcUserDetailService"
            class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
            <beans:property name="dataSource" ref="dataSource"/>
            <beans:property name="usersByUsernameQuery"
                value="SELECT cr.username, cr.password, 'true' FROM plat.dbo.customer cr WHERE cr.username = ?"/>
            <beans:property name="authoritiesByUsernameQuery"
                value="SELECT customer.username, role.name as authority FROM plat.dbo.customer customer, plat.dbo.role role, plat.dbo.customer_role customer_role WHERE customer_role.customer_username = customer.username AND customer_role.role_id = role.id AND customer.username = ?"
            />
        </beans:bean>
    
        <!--<beans:bean id="jdbcUserDetailService" class ="com.xyzcorp.test.dao.UserDetailDao"/>-->
    
        <authentication-provider user-service-ref="jdbcUserDetailService"> </authentication-provider>
    
    
    
    
    
    
    
    
    
    
    
    
        <!--<beans:bean id="singleSignOnFilter"
            class="com.servepath.security.SingleSignOnFilter">
    
            <custom-filter position="PRE_AUTH_FILTER" />
            <beans:property name="authenticationManager" ref="authenticationManagerAlias" />
        </beans:bean>
    
        <beans:bean id="singleSignOnProcessingFilter"
            class="com.servepath.security.SingleSignOnProcessingFilter">
    
            <custom-filter position="PRE_AUTH_FILTER" />
            <beans:property name="authenticationManager" ref="authenticationManagerAlias" />
        </beans:bean>
    
        <beans:bean id="preauthAuthProvider"
                    class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
            <custom-authentication-provider />
    
            <beans:property name="preAuthenticatedUserDetailsService">
                <beans:bean id="userDetailsServiceWrapper"
                        class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
                    <beans:property name="userDetailsService" ref="jdbcUserDetailService"/>
                </beans:bean>
            </beans:property>
        </beans:bean>-->
    
        <authentication-manager alias="authenticationManager"/>
    
    
    </beans:beans>

  • #2
    Here is my filter:
    Code:
    package com.servepath.security;
    
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    import org.springframework.security.Authentication;
    import org.springframework.security.AuthenticationException;
    import org.springframework.security.ui.*;
    import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
    
    
    public class SingleSignOnProcessingFilter extends AuthenticationProcessingFilter {
    
    
        protected boolean requiresAuthentication(
            HttpServletRequest request, HttpServletResponse response){
    
                String userId = request.getParameter("username");
                String password = request.getParameter("password");
    
                System.out.println("=============================================");
                System.out.println("userId: " + userId);
                System.out.println("password: " + password);
                System.out.println("=============================================");
    
                if(userId != null || password != null){
                    System.out.println("**********************************************");
                    System.out.println("return 'logged in'");
                    return false;
                } else {
                    System.out.println("**********************************************");
                    System.out.println("return 'null'");
                    return true;
                }
    
            }
    
    
    
    } // The End...

    Comment


    • #3
      Can someone help me understand why I keep getting this error:
      Code:
      Aug 21, 2008 7:11:42 PM org.apache.catalina.core.StandardContext listenerStart
      SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_exceptionTranslationFilter' while setting bean property 'filters' with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_exceptionTranslationFilter': Initialization of bean failed; nested exception is java.lang.ClassCastException: com.servepath.security.SingleSignOnProcessingFilter
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:470)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:404)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:375)
          at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:263)
          at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:170)
          at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:260)
          at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:184)
          at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
          at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:430)
          at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
          at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
          at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:254)
          at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:198)
          at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
          at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
          at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
          at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
          at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
          at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
          at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
          at org.apache.catalina.core.StandardService.start(StandardService.java:516)
          at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
          at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:585)
          at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
          at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_exceptionTranslationFilter' while setting bean property 'filters' with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_exceptionTranslationFilter': Initialization of bean failed; nested exception is java.lang.ClassCastException: com.servepath.security.SingleSignOnProcessingFilter
          at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
          at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
          at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:287)
          at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:126)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1210)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:978)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:462)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:404)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:375)
          at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:263)
          at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:170)
          at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:260)
          at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:184)
          at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
          at org.springframework.security.config.FilterChainProxyPostProcessor.postProcessBeforeInitialization(FilterChainProxyPostProcessor.java:52)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:346)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1295)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:463)
          ... 29 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_exceptionTranslationFilter': Initialization of bean failed; nested exception is java.lang.ClassCastException: com.servepath.security.SingleSignOnProcessingFilter
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:470)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:404)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:375)
          at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:263)
          at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:170)
          at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:260)
          at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:184)
          at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
          at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
          ... 47 more
      Caused by: java.lang.ClassCastException: com.servepath.security.SingleSignOnProcessingFilter
          at org.springframework.security.config.EntryPointInjectionBeanPostProcessor.postProcessBeforeInitialization(EntryPointInjectionBeanPostProcessor.java:47)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:346)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1295)
          at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:463)
          ... 56 more

      Comment


      • #4
        Your entry point appears to be an instance of your filter class, which is causing a ClassCastException.

        Comment


        • #5
          Originally posted by Luke Taylor View Post
          Your entry point appears to be an instance of your filter class, which is causing a ClassCastException.
          So, can you help walk me through this as I am confused as to the blog:
          http://hemalcshah.blogspot.com/2008/...in-spring.html


          So I think I want to create a filter:

          <beans:bean id="authenticationProcessingFilterEntryPoint"
          class="com.servepath.security.SingleSignOnProcessi ngFilter">

          to check the session for the need to auto login:
          SingleSignOnProcessingFilter:: protected boolean requiresAuthentication(
          HttpServletRequest request, HttpServletResponse response){

          Thus, my confusion now is how to wire this up as I followed this blog.

          Comment


          • #6
            I have gotten a bit further after combing the forum all morning.

            Here is my security.xml now:

            Code:
            <?xml version="1.0" encoding="UTF-8"?>
            
            <!--
              - Sample namespace-based configuration
              -
              - $Id: applicationContext-security.xml 3019 2008-05-01 17:51:48Z luke_t $
              -->
              <beans:beans xmlns="http://www.springframework.org/schema/security"
                xmlns:beans="http://www.springframework.org/schema/beans"
                xmlns:sec="http://www.springframework.org/schema/security"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="http://www.springframework.org/schema/beans
                                    http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                                    http://www.springframework.org/schema/security
                                    http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
            
                <sec:global-method-security secured-annotations="enabled">
                    <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
                    <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
                    -->
                </sec:global-method-security>
            
                  <sec:http entry-point-ref="authenticationEntryPoint" auto-config="false">
                    <sec:intercept-url pattern="/login.jsp*" filters="none"/>
                    <sec:intercept-url pattern="/login.html*" filters="none"/>
                      
                      <anonymous />                  
                      
                    <logout logout-url="/j_spring_security_logout" invalidate-session="true"/>
                </sec:http>
            
                <!-- All of this is unnecessary if auto-config="true" -->
                <!--<form-login login-page="/login.html"
                                authentication-failure-url="/login.html?login_error=1"
                                default-target-url="/services/index.html" />-->
                <!--anonymous / -->
                <!--http-basic / -->
                <!--<logout logout-success-url="/index.html"/>-->
                <!--remember-me /-->
                <!--servlet-api-integration /-->
                <!--<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
            
            </http>-->
            
                <beans:bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
                    <sec:filter-chain-map path-type="ant">            
                        <sec:filter-chain pattern="/**"
                            filters="httpSessionContextIntegrationFilter,
                            authenticationProcessingFilter, 
                            exceptionTranslationFilter, 
                            filterSecurityInterceptor"
                        />
                    </sec:filter-chain-map>
                </beans:bean>
            
            
                  <beans:bean id="httpSessionContextIntegrationFilter"
                      class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
                  
                  
            
                <beans:bean id="authenticationProcessingFilter"
                    class="com.servepath.security.SingleSignOnProcessingFilter">
                    <sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
                    <beans:property name="authenticationManager" ref="authenticationManager"/>
                    <beans:property name="authenticationFailureUrl" value="/login.html?login_error=1"/>
                    <beans:property name="exceptionMappings">
                        <beans:props>
                            <beans:prop key="org.springframework.security.BadCredentialsException"> /error.html</beans:prop>
                            <beans:prop key="org.springframework.security.CredentialsExpiredException">
                                /getnewpassword.html </beans:prop>
                            <beans:prop key="org.springframework.security.LockedException"> /lockedoutpage.html </beans:prop>
                            <beans:prop key="org.springframework.security.DisabledException">
                                /unauthorizeduser.html </beans:prop>
                        </beans:props>
                    </beans:property>
                    <beans:property name="defaultTargetUrl" value="/index.html"/>
                    <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
                </beans:bean>
            
                <!--  authorization -->
                <beans:bean id="filterSecurityInterceptor"
                    class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
                    <beans:property name="authenticationManager" ref="authenticationManager"/>
                    <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
                    <beans:property name="objectDefinitionSource">
                        <sec:filter-invocation-definition-source>               
                            <sec:intercept-url pattern="/login.*" access="ROLE_ANONYMOUS"/>
                            <sec:intercept-url pattern="/index.*" access="ROLE_CUSTOMER"/>
                            <sec:intercept-url pattern="/services/**" access="ROLE_CUSTOMER"/>
                        </sec:filter-invocation-definition-source>
                    </beans:property> 
                </beans:bean>
            
            
                <beans:bean id="exceptionTranslationFilter"
                    class="org.springframework.security.ui.ExceptionTranslationFilter">
                    <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
                    <beans:property name="accessDeniedHandler" ref="accessDeniedHandler"/>
                </beans:bean>
                  
                  <beans:bean id="accessDeniedHandler"
                      class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                  </beans:bean>    
                  
                  
                  <beans:bean id="accessDecisionManager" 
                      class="org.springframework.security.vote.UnanimousBased">
                      <beans:property name="decisionVoters">
                          <beans:list>
                              <beans:ref bean="roleVoter"/>
                          </beans:list>
                      </beans:property>        
                  </beans:bean>
                  
                  <beans:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
                  
                  
            
            
                  <beans:bean id="authenticationEntryPoint"
                    class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                    <beans:property name="loginFormUrl" value="/login.html"/>
                    <beans:property name="forceHttps" value="false"/>
                </beans:bean>
            
            
            
            
            
            
                <!-- Single Sign-On filtering -->
                <!--
                Test with this URL:
                http://localhost:8888/index.html?username=13011&password=password
                -->
            
                <beans:bean id="jdbcUserDetailService"
                    class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
                    <beans:property name="dataSource" ref="dataSource"/>
                    <beans:property name="usersByUsernameQuery"
                        value="SELECT cr.username, cr.password, 'true' FROM plat.dbo.customer cr WHERE cr.username = ?"/>
                    <beans:property name="authoritiesByUsernameQuery"
                        value="SELECT customer.username, role.name as authority FROM plat.dbo.customer customer, plat.dbo.role role, plat.dbo.customer_role customer_role WHERE customer_role.customer_username = customer.username AND customer_role.role_id = role.id AND customer.username = ?"
                    />
                </beans:bean>
            
                <!--<beans:bean id="jdbcUserDetailService" class ="com.xyzcorp.test.dao.UserDetailDao"/>-->
            
                <authentication-provider user-service-ref="jdbcUserDetailService"> </authentication-provider>
            
                <authentication-manager alias="authenticationManager"/>
            
            
            </beans:beans>
            And when I go to /index.html (facelets), I get redirected into a loop then to:
            /error.html

            Can someone help me understand why I am in this loop, and send the user to /login.html ?
            Last edited by mickknutson; Aug 22nd, 2008, 02:56 PM.

            Comment


            • #7
              Can anyone help me on this please?

              Comment


              • #8
                Please help me.

                I have been trying everything I know to try, and have now spent several weeks on this, and I am totally down to the wire with my deadline tomorrow. I would respectfully ask for help from anyone....

                Comment


                • #9
                  Can I PAY someone to help me solve this?

                  Comment


                  • #10
                    Desperate!!!

                    is there no person that has ever done this? Or wants to do this?
                    I have spent weeks searching everything on google and there is just simply nothing that I have found that works with form based login, and an 'AuthenticationProcessingFilter'....

                    Comment


                    • #11
                      mickknutson, don't whine. the help is free.

                      Continuous redirects are often due to having the login page and/or the error page requiring security. Thus, every login attempt/error requires an authentication and therefore a redirect.

                      Comment


                      • #12
                        try this inside your filterChainProxyBean:

                        <s:filter-chain pattern="/login*" filters="none"/>

                        Comment

                        Working...
                        X