
  • Custom authentication <http> without AuthenticationEntryPoint

    Hi All,

    I am using Spring Security and have a custom login process (with GWT) which works perfectly.

    I want to leverage the filter chain proxy mechanism (e.g. HttpSessionContextIntegrationFilter etc) defined by <http> but cannot seem to get it to work with <http auto-config="false"> as I am being prompted for a custom-entry-point-ref.

    Does anyone know how I can get this to work without the need to specify a custom entry point?

    Thanks in advance.

    /wolf

  • #2
    Something like this:
    Code:
        <http auto-config='true'>
            <form-login login-page="/login.action" default-target-url="/secure/home.action"
                        authentication-failure-url="/login.action?login_error=1"
                        login-processing-url="/j_spring_security_check"/>
            <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
        </http>
    You can read about this in the first pages of the Spring Security Reference.



    • #3
      An "entry point" is required, even if it doesn't actually start an authentication process. Normally if you're using the namespace, the entry point will be provided by something like the <form-login /> element. If you don't need to start authentication when a user is denied access to a resource, then you can just implement an AuthenticationEntryPoint which returns a forbidden code to the caller (since it should never be called in normal usage).

      The pre-authentication code does something like this. For Spring Security 3.0, the pre-auth entry point implementation has already been renamed to something like Http403ForbiddenEntryPoint to explain what it actually does. That's probably the approach you're after.

      I would ignore the "auto-config" option if you have a customized setup. In that case, it's easier to understand what's going on if things are explicitly defined. It defaults to "false".



      • #4
        Luke, thanks for the reply.

        As I understand, I would need to supply an entry point even though it is not actually being used.

        How can I go about customizing the filter list to remove ExceptionTranslationFilter which is dependent on an AuthenticationEntryPoint?
        I have already tried using:

        Code:
        <b:bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
           <filter-chain-map path-type="ant">
              <filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,logoutFilter,securityContextHolderAwareRequestFilter,sessionFixationProtectionFilter"/>
           </filter-chain-map>
        </b:bean>
        However, this does not seem to be picked up in the bootstrap process?

        Thanks.



        • #5
          Originally posted by nightWolf
          Luke, thanks for the reply.

          As I understand, I would need to supply an entry point even though it is not actually being used.

          How can I go about customizing the filter list to remove ExceptionTranslationFilter which is dependent on an AuthenticationEntryPoint?

          You can't. If you want to use namespace-based configuration then you have to set an entry point:

          http://static.springframework.org/sp...ntry-point-ref

          If you want to use traditional bean configuration then you have to declare the beans explicitly which you are adding to the filter chain. Don't use the name "springSecurityFilterChain" in combination with the <http> syntax. In fact, it's probably best not to use it at all and consider it a reserved word.



          • #6
            I think I'll stick to having a default entry point!

            Thanks for your help Luke.
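
The setup described in #3 and #5, written out as an added example (not code from the thread or from the Spring Security project): an `<http>` block with no login mechanism whose required entry point only answers 403. It assumes Spring Security 2.0.x, a `/secure/**` URL layout and `ROLE_USER` role chosen for illustration, and an authentication provider plus the custom GWT login code defined elsewhere in the application context.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example for Spring Security 2.0.x. The default namespace is "security"
     and "b:" is the beans namespace, matching the prefix used in post #4. -->
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
             http://www.springframework.org/schema/security
             http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <!-- auto-config is omitted (it defaults to false), so the namespace adds no
         form-login, basic auth or other login mechanism. entry-point-ref supplies
         the entry point that ExceptionTranslationFilter needs. -->
    <http entry-point-ref="forbiddenEntryPoint">
        <!-- Assumed URL layout and role name: adjust to the application. -->
        <intercept-url pattern="/secure/**" access="ROLE_USER"/>
        <!-- Keeps the logout filter in the chain. -->
        <logout/>
    </http>

    <!-- Pre-authentication entry point: it never starts a login, it only sends
         HTTP 403 when an unauthenticated request reaches a protected URL.
         In Spring Security 3.0 the equivalent class is
         org.springframework.security.web.authentication.Http403ForbiddenEntryPoint. -->
    <b:bean id="forbiddenEntryPoint"
            class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/>

    <!-- Do not also declare a bean named "springSecurityFilterChain" here:
         the <http> element registers that name itself (see post #5). -->
</b:beans>
```

With this in place a request to a protected URL from a session that the custom login has not yet authenticated receives a 403 response rather than a redirect, so the GWT client has to treat 403 as the signal to show its own login dialog.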
