Siteminder preauth not being rechecked.
This topic is closed

  • Siteminder preauth not being rechecked.

    I've created a class to override AbstractPreAuthenticatedProcessingFilter. The getPreAuthenticatedPrincipal() method simply reads the cookie set by SiteMinder.

    I've configured the security with /**=channelProcessingFilter,httpSessionIntegrationFilter,logoutFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor

    I've set up the userDetailsService with an overridden version of JdbcDaoImpl that implements loadUsersByUsername() and loadUserAuthorities() to retrieve user information from a database. I need to do this because while SiteMinder is making sure the user is a valid user for an enterprise, I still need to verify that the user is valid for my particular web application.

    The problem I'm having is that the cookie is not being rechecked on each request. If a new request comes in and the cookie's value has changed, the new request is treated as though it were the previous user's. (I verified this is the problem by putting debug statements in the getPreAuthenticatedPrincipal() method.)

    My sessionId is null, which seems like a bad thing.

    Is there any special handling I need to do to make sure I have an HTTPSession available?

    Is there something I need to do to get the cookie to be verified on each request?
    Last edited by BrianCubeDweller; Feb 11th, 2009, 11:23 AM. Reason: spelling
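
The behaviour described in the post, next to a per-request recheck, as an added example that is not part of the original post and is not Spring Security code. It assumes a plain map standing in for the HTTP session and a string standing in for the principal read from the SiteMinder cookie; every class, method and key name is hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

/** Added illustration; all names here are hypothetical, not Spring Security classes. */
public class PreAuthRecheckDemo {
    // Stand-in for the security context that the session integration filter keeps in the session.
    static final String AUTH_KEY = "AUTHENTICATED_PRINCIPAL";

    /** Behaviour described in the post: once the session holds a principal, the cookie is ignored. */
    static String resolveWithoutRecheck(Map<String, Object> session, String cookiePrincipal) {
        String cached = (String) session.get(AUTH_KEY);
        if (cached != null) {
            return cached;                       // stale identity wins over the current cookie
        }
        if (cookiePrincipal != null) {
            session.put(AUTH_KEY, cookiePrincipal);
        }
        return cookiePrincipal;
    }

    /** Rechecking variant: compare the cookie principal with the cached one on every request. */
    static String resolveWithRecheck(Map<String, Object> session, String cookiePrincipal) {
        String cached = (String) session.get(AUTH_KEY);
        if (cached != null && Objects.equals(cached, cookiePrincipal)) {
            return cached;                       // same user, reuse the cached authentication
        }
        session.clear();                         // principal changed or vanished: drop all session state
        if (cookiePrincipal == null) {
            return null;                         // no SSO principal, so the request is unauthenticated
        }
        // Real code would re-run the application-level user and authority lookup here.
        session.put(AUTH_KEY, cookiePrincipal);
        return cookiePrincipal;
    }

    public static void main(String[] args) {
        // Constructed sample: two requests on one session, the cookie changing from alice to bob.
        Map<String, Object> s1 = new HashMap<>();
        resolveWithoutRecheck(s1, "alice");
        System.out.println("no recheck  -> " + resolveWithoutRecheck(s1, "bob"));

        Map<String, Object> s2 = new HashMap<>();
        resolveWithRecheck(s2, "alice");
        System.out.println("recheck     -> " + resolveWithRecheck(s2, "bob"));
        System.out.println("cookie gone -> " + resolveWithRecheck(s2, null));
    }
}
```

Later Spring Security releases expose this comparison on AbstractPreAuthenticatedProcessingFilter through setCheckForPrincipalChanges(true).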