Announcement Announcement Module
Collapse
No announcement yet.
Configuring custom PreAuthenticatedAuthenticationProvider Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuring custom PreAuthenticatedAuthenticationProvider

    I am new to spring security. I want to integrate auto login to the application when request parameter has user.

    I tried following implementing AbstractPreAuthenticatedProcessingFilter and AuthenticationUserDetailsService and configuration.
    Code:
    public class AutoLoginFilter extends AbstractPreAuthenticatedProcessingFilter {
    	@Override
    	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
    		return null;
    	}
    
    	@Override
    	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
    		String user = request.getParameter("user");
    		if (StringUtils.hasLength(user)) {
    			Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    			authorities.add(new GrantedAuthorityImpl("ROLE_SUPERVISOR"));
    			return new User(user , "autologin", true, true, true, true, authorities);
    		} else
    			return null;
    	}
    }
    
    public class AuthenticationUserDetailsServiceImpl implements AuthenticationUserDetailsService {
    	public UserDetails loadUserDetails(Authentication user) throws UsernameNotFoundException {
    		if (user.getPrincipal() != null) {
    			return (UserDetails) user.getPrincipal();
    		}
    		return null;
    	}
    }
    
    <global-method-security secured-annotations="enabled"/>
    	<http auto-config="true" >
    		<intercept-url pattern="/login.do*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/**" access="ROLE_USER" />
    		<form-login login-page='/login.do' default-target-url='/account/search.do' />
    		<custom-filter ref="autoLoginFilter" position="PRE_AUTH_FILTER"/>
    	</http>
    	<beans:bean id="autoLoginFilter" class="com.pg.backoffice.reports.auth.AutoLoginFilter">
    		<beans:property name="authenticationManager" ref="authenticationManager" />
    	</beans:bean>
    	<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    		<custom-authentication-provider />
    		<beans:property  name="preAuthenticatedUserDetailsService" ref="rsa">
    		</beans:property>
    	</beans:bean>
    	<beans:bean id="default" class="com.pg.backoffice.reports.auth.AuthenticationUserDetailsServiceImpl"></beans:bean>
    	<authentication-manager alias="authenticationManager">
    		<authentication-provider >
    			<user-service>
    				<user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
    				<user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
    			</user-service>
    		</authentication-provider>
    	</authentication-manager>
    But, I am getting below exception.
    Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'custom-authentication-provider'.
    at com.sun.org.apache.xerces.internal.util.ErrorHandl erWrapper.createSAXParseException(ErrorHandlerWrap per.java:195)


    If I tried commenting out custom-authentication-provider. I am getting below exception
    Code:
    <beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    		<!-- <custom-authentication-provider />  -->
    		<beans:property  name="preAuthenticatedUserDetailsService" ref="rsa">
    		</beans:property>
    	</beans:bean>
    
    EXCEPTION: 
    23-11-09 13:33:12,937 DEBUG [http-81-1] com.pg.backoffice.reports.auth.AutoLoginFilter     - Cleared security context due to exception
    org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
    	at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:156)
    	at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
    	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:106)
    	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:76)
    Please let me know to configure PreAuthenticatedAuthenticationProvider.

    Thanks
    siva

  • #2
    I have not worked on it, but found a thread that might help.

    http://forum.springsource.org/showth...ht=single+sign

    Comment


    • #3
      The custom-provider should now be inside the <authentication-manager /> element. Check out the latest manual or the release announcement(s) for more information:

      http://forum.springsource.org/showthread.php?t=79034
      http://forum.springsource.org/showthread.php?t=76596

      Comment


      • #4
        I tried removing custom authentication provider aded ref in authentication provider. But I am getting different exception
        Code:
        	<beans:bean id="preauthAuthProvider"
        		class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        		<beans:property name="preAuthenticatedUserDetailsService">
        			<beans:bean class="com.pg.backoffice.reports.auth.RsaAuthenticationUserDetailsService"></beans:bean>
        		</beans:property>
        		<beans:property name="order" value="1"/>
        	</beans:bean>
        
        	<authentication-manager alias="authenticationManager" >
        		<authentication-provider ref="preauthAuthProvider"></authentication-provider>
        		<authentication-provider >
        			<user-service>
        				<user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
        				<user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
        			</user-service>
        		</authentication-provider>
        	</authentication-manager>
        Exception:
        Code:
        org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
        	at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:156)
        	at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
        	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:106)
        	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:76)
        	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
        	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
        	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
        	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:150)
        	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
        	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

        Comment


        • #5
          I am able to integrate with following code changes. Thanks for the responses.

          Code:
          	<global-method-security secured-annotations="enabled">
          	</global-method-security>
          	<http auto-config="false">
          		<intercept-url pattern="/login.do*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
          		<intercept-url pattern="/**" access="ROLE_USER" />
          		<form-login login-page='/login.do' default-target-url='/account/search.do' />
          		<custom-filter ref="autoLoginFilter" position="PRE_AUTH_FILTER" />
          		<logout logout-url="/logout.do" logout-success-url="/login.do"/>
          	</http>
          
          	<beans:bean id="autoLoginFilter" class="com.pg.backoffice.reports.auth.AutoLoginFilter">
          		<beans:property name="authenticationManager" ref="authenticationManager" />
          	</beans:bean>
          	<beans:bean id="preauthAuthProvider"
          		class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
          		<beans:property name="preAuthenticatedUserDetailsService">
          			<beans:bean class="com.pg.backoffice.reports.auth.RsaAuthenticationUserDetailsService"></beans:bean>  
          		</beans:property>
          		<beans:property name="order" value="1"/>
          	</beans:bean>
          
          	<authentication-manager alias="authenticationManager" >
          		<authentication-provider ref="preauthAuthProvider" ></authentication-provider>
          		<authentication-provider >
          			<user-service id="rsaUser">
          				<user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
          				<user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
          			</user-service>
          		</authentication-provider>
          	</authentication-manager>
          Code:
          public class AutoLoginFilter extends AbstractPreAuthenticatedProcessingFilter {
          
          	@Override
          	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
          		String user = request.getParameter("user");
          		if (StringUtils.hasLength(user)) {
          			return "ROLE_SUPERVISOR";
          		} else
          			return null;
          	}
          
          	@Override
          	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
          		System.out.println("getPreAuthenticatedCredentials: " + request.getRequestURI());
          		String user = request.getParameter("user");
          		if (StringUtils.hasLength(user)) {
          			return user;
          		} else
          			return null;
          	}
          }
          Code:
          public class RsaAuthenticationUserDetailsService implements AuthenticationUserDetailsService{
          
          	public UserDetails loadUserDetails(Authentication user) throws UsernameNotFoundException {
          		if (user.getPrincipal() != null) {
          			Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
          			authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
          			return new User((String) user.getPrincipal(), "none", true, true, true, true, authorities);
          		}
          		return null;
          	}
          }

          Comment


          • #6
            How does one specify a customer Authentication Provider to be used with core version 2.0.4 since the ref="customAuthenticationProvider" is not allowed.

            Code:
            	<authentication-provider>
            		<password-encoder  ref="customEncoder" />
            		<jdbc-user-service data-source-ref="dataSource"
            				users-by-username-query="SELECT email as 'username', password as 'password', 1  FROM user WHERE email = ?"
            				authorities-by-username-query="SELECT email as 'username', (CASE roleId WHEN 2 THEN 'ROLE_ADMIN' ELSE 'ROLE_USER' END) as 'authority' FROM user WHERE email=?" />
            	</authentication-provider>
            We have a custom encoding that needs to be used, "customerEncoder" . The user's password needs to be passed as "userName" + "password" for the custom encoder to match correctly the password. Thus, this is the only reason the custom Authentication Provider is needed.

            Comment

            Working...
            X