Announcement Announcement Module
Collapse
No announcement yet.
Problem with custom logout filter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with custom logout filter

    Hi,

    i have written a custom logout filter. My security configuration file looks like this:

    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:p="http://www.springframework.org/schema/p"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-2.0.1.xsd
            http://www.springframework.org/schema/context 
            http://www.springframework.org/schema/context/spring-context-2.5.xsd
            ">
    
    	<global-method-security secured-annotations="enabled" 
    	access-decision-manager-ref="accessDecisionManager"/>
    	
        <beans:bean id="authenticationProcessingFilter" class="aesmo.blah.blah.MyAuthenticationProcessingFilter">
    		<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
    		<beans:property name="defaultTargetUrl" value="/index.jsp" />
    		<beans:property name="authenticationManager" ref="authenticationManager" />
    		<beans:property name="authenticationFailureUrl" value="/login.jsp?error=true" />		
    	</beans:bean>
    	
    	<authentication-manager alias="authenticationManager" />
    	
    	<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" 
    	access-decision-manager-ref="accessDecisionManager">
    		<intercept-url pattern="/admin/*.do"
            access="ABC_ADMINISTRATOR" />
            <intercept-url pattern="/system/*.do"
            access="ABC_SYS_CONTROLLER" />        	    
        </http>
        
         <beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    		<beans:constructor-arg value="/login.jsp"></beans:constructor-arg>
    		<beans:constructor-arg>
    			<beans:list>
    				<beans:bean class="ca.aeso.dt.web.security.AdamsSecurityLogoutHandler" />
    				<beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
    			</beans:list>
    		</beans:constructor-arg>
    		<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" />
    	</beans:bean> 
    	
         <beans:bean id="authenticationProcessingFilterEntryPoint"
    		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    		<beans:property name="loginFormUrl" value="/login.jsp" />
    		<beans:property name="forceHttps" value="false" />
    	</beans:bean>
    		
         <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
             <beans:property name="jndiName" value="jdbc/dtDataSource"/>
             <beans:property name="resourceRef" value="true"/>
             <beans:property name="expectedType" value="javax.sql.DataSource"/>
        </beans:bean>
    	
    	<authentication-provider>
    	<password-encoder hash="plaintext"/>	
    	<jdbc-user-service data-source-ref="dataSource"
    	users-by-username-query = "blah blah myquery" 
    	authorities-by-username-query="blah blah myquery"/>		
    	</authentication-provider>
    	
        <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    		<beans:property name="decisionVoters">
    			<beans:list>
      				<beans:ref bean="roleVoter" /> 
      			</beans:list>
      		</beans:property>
      	</beans:bean>
    	<beans:bean id="roleVoter" 
    		class="org.springframework.security.vote.RoleVoter">
     	<beans:property name="rolePrefix">
      		<beans:value>ABC_</beans:value> 
      	</beans:property>
      </beans:bean>
    </beans:beans>

    now my problem is that after login if i hit the Logout button and submit page to /j_spring_security_logout, it gives me 404 page not found error.

    Any help would be much appreciated.

  • #2
    I was missing sutoem-filter position

    ehhh i was missing custome-filter position in my logout filter, that's why it was not been called in filter chain and hence page not found. I just have to put a tag like

    Code:
    <beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
         	<custom-filter position="LOGOUT_FILTER"/>     
    		<beans:constructor-arg value="/login.jsp"></beans:constructor-arg>
    ....................

    Comment


    • #3
      I want to implement web securities with spring

      hi sachin,

      i want to implement the web securities with spring framework and i am new to spring and web securities ccan you please help me how to implement web securites with spring framework and what are the classes and files required to implement so and what will be teh directory stucturea,it will be great help to me as i want to learn it

      Comment


      • #4
        Originally posted by vinaysingh View Post
        hi sachin,

        i want to implement the web securities with spring framework and i am new to spring and web securities ccan you please help me how to implement web securites with spring framework and what are the classes and files required to implement so and what will be teh directory stucturea,it will be great help to me as i want to learn it
        a good link to start with is
        Code:
        http://www.codercorp.com/blog/spring/security-spring/configuring-spring-security.html
        http://www.codercorp.com/blog/spring/security-spring/spring-security-login-logout-form.html
        Do some google, read tutorials and if stuck then post in the forum. you will get plenty of help.
        Last edited by sachin_yadav; Apr 8th, 2009, 01:58 AM. Reason: edited the links

        Comment


        • #5
          is there any sample application on web securities with tomcat server and spring frame

          thanks for you reply it will really be helpful for me if i get any samle application on web securities with spring on tomcat as i am trying this development on net beans IDE

          Comment

          Working...
          X