Announcement Announcement Module
Collapse
No announcement yet.
Spring Authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Authentication

    Hi ,


    ApplicationContext.xml
    ----------------------
    <security:http auto-config="true" access-denied-page="/AccessDenied">
    <security:intercept-url pattern="/LoginPage" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/**" access="ROLE_ADMIN"/>
    <security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />


    <security:form-login login-page="/LoginPage" authentication-failure-url="/LoginPage"/>
    </security:http>


    <!-- Security Authentication Provider -->
    <security:authentication-provider>
    <security:user-service>
    <security:user password="admin" name="admin"
    authorities="ROLE_ADMIN" />
    <security:user password="suresh" name="suresh"
    authorities="ROLE_USER" />
    <security:user password="venkat" name="venkat"
    authorities="ROLE_USER" />

    </security:user-service>

    </security:authentication-provider>

    <bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
    <property name="filterInvocationDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=concurrentSessionFilter,httpSessionContextInteg rationFilter,logoutFilter
    </value>
    </property>
    </bean>
    <bean id="concurrentSessionFilter"
    class="org.springframework.security.concurrent.Con currentSessionFilter">
    <property name="sessionRegistry" ref="sessionRegistry" />
    <property name="expiredUrl" value="/MyLoginPage" />
    </bean>


    <bean id="httpSessionContextIntegrationFilter"
    class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter">
    <property name="allowSessionCreation" value="true"/>
    <property name="forceEagerSessionCreation" value="true"/>
    </bean>
    <bean id="logoutFilter"
    class="org.springframework.security.ui.logout.Logo utFilter">
    <constructor-arg value="/" />
    <constructor-arg>
    <list>
    <bean
    class="org.springframework.security.ui.logout.Secu rityContextLogoutHandler"/>
    </list>
    </constructor-arg>
    </bean>
    <bean id="sessionRegistry"
    class="org.springframework.security.concurrent.Ses sionRegistryImpl" />

    Web.xml
    --------

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
    <listener-class>
    org.springframework.web.context.ContextLoaderListe ner
    </listener-class>
    </listener>
    <listener><listener-class>
    org.springframework.security.ui.session.HttpSessio nEventPublisher
    </listener-class>
    </listener>

    Login.Java
    ----------
    public class LoginPage extends WebPage {


    EofficeUser eofficeUser;
    public LoginPage() {
    //super(LoginPage.class);
    eofficeUser= new EofficeUser();
    add(new LoginPageForm("loginForm"));

    add(new FeedbackPanel("errorMessages") {

    private static final long serialVersionUID = 1L;

    public boolean isVisible() {
    return anyMessage(FeedbackMessage.ERROR);
    }
    });
    }

    public class LoginPageForm extends Form<LoginPageForm> {

    private static final long serialVersionUID = 1L;

    public LoginPageForm(String id) {
    super(id);

    add(new RequiredTextField<String>("loginId", new PropertyModel<String>(eofficeUser, "loginId")));
    add(new PasswordTextField("password", new PropertyModel<String>(eofficeUser, "password")));
    }

    @Override
    public final void onSubmit() {

    AuthenticatedWebSession session = AuthenticatedWebSession.get();
    if(session.authenticate(eofficeUser.getLoginId(), eofficeUser.getPassword())){
    System.out.println("Authenticated Successfully"+session.getRoles());}

    if(session.signIn(eofficeUser.getLoginId(), eofficeUser.getPassword())) {
    setDefaultResponsePageIfNecessary();
    } else {
    setResponsePage(LoginPage.class);
    }

    }

    private void setDefaultResponsePageIfNecessary() {
    if(!continueToOriginalDestination()) {
    setResponsePage(((MyAuthenticatedWebApplication) getApplication()).getSignInPageClass());
    }
    }




    }

    }

    AuthenticatedWebSession.java
    -----------------------------

    @SpringBean
    private transient AuthenticationManager authenticationManager;

    @Override
    public boolean authenticate(String username, String password) {
    System.out.println(username+password);
    boolean authenticated = false;
    try {
    Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));


    SecurityContextHolder.getContext().setAuthenticati on(authentication);

    authenticated = authentication.isAuthenticated();
    System.out.println("Authenticated Details"+authentication.getDetails());
    } catch (AuthenticationException e) {

    authenticated = false;
    }
    return authenticated;
    }

    I am getting Null Pointer Exception when i call session.authenticate(usrerid,password)(userid and password or not null)


    pleas let me know Whether i am missing something before authenticating the user and password or i have done some thing wrong with spring security configuration.
    Please help me to sort out this problem.

    Thanks in advance.

    Regards,
    Suresh
Working...
X