Announcement Announcement Module
Collapse
No announcement yet.
Setting Spring Security 3 authenticationFailureUrl & defaultTargetUrl Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting Spring Security 3 authenticationFailureUrl & defaultTargetUrl

    I created a custom authentication filter extending the UsernamePasswordAuthenticationFilter. in security-config.xml i'm customizing it like this (using this doc http://static.springsource.org/sprin...a-form-login):

    <beans:bean id="userPassFilter" class="....GFAuthFilter">
    <beans: property name="defaultTargetUrl" value="/login/home" />
    <beans: property name="authenticationFailureUrl" value="/login/form" />
    <beans: property name="alwaysUseDefaultTargetUrl" value="true" />
    <beans: property name="filterProcessesUrl" value="/j_spring_security_check" />
    <beans: property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    At startup the bean creation fails because the bean have no defaultTargetUrl and authenticationFailureUrl properties (and the javadoc confirms this).

    Is the Appendix B of the documentation outdated?

    How can I set this properties for my filter?

  • #2
    Appendix B is just about namespace configuration whereas you are using an explicit Spring bean. Check out the Javdoc for AbstractAuthenticationProcessingFilter and the Application Flow on Authentication Success and Failure section of the docs (also the Javadoc for the classes mentioned in there).

    Basically, the different approaches to controlling the navigation on authentication success have been amalgamated into a single strategy interface which can be injected into the filter (or the namespace).

    Comment


    • #3
      Hi Luke,

      I have the same problem as c026. I want to use my custom authentification and a my custom login site, but I can't find an example how to configure it.

      I have designed my login site which is running inside a tomcat an I have a login-check SessionBean running on a JBoss. Now I want to combine them by using SpringSecurity, but I don't know how.

      I read the link you postet, but it doesn't help me.
      Maybe you can send me a link to an example?

      All the best,
      arres

      Comment


      • #4
        An example of the security config for a custom auth filter

        Following Luke's link, this is what is working for me:

        Code:
        <http auto-config="false">
        	[.. no <form-login> element ..]
        	<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
        </http>
        
        <beans:bean id="myAuthFilter" class="com.company.project.filters.CustomUsernamePasswordAuthenticationFilter">
        	<beans:property name="authenticationManager" ref="authManager"/>
        	<!-- <beans:property name="defaultTargetUrl" value="/" /> -->
        	<!-- <beans:property name="authenticationFailureUrl" value="/login?login_error=t" /> -->
        	<beans:property name="authenticationFailureHandler" ref="failureHandler" />
        	<beans:property name="authenticationSuccessHandler" ref="successHandler" />
        	<beans:property name="filterProcessesUrl" value="/static/j_spring_security_check" />
        	<beans:property name="allowSessionCreation" value="true" />
        	<beans:property name="sessionAuthenticationStrategy" ref="sas"/>
        </beans:bean>
        	
        <beans:bean id="successHandler" class="org.springframework.security.web.authentication.org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" >
        	<beans:property name="defaultTargetUrl" value="/" /> <!-- which is the default value -->
        </beans:bean>
        <beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
        	<beans:property name="defaultFailureUrl" value="/login?login_error=t" />
        </beans:bean>
        <beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
        	<beans:property name="migrateSessionAttributes" value="true" />
        </beans:bean>
        Although not really related and not using Spring Security 3.0.x, this was quite helpful to get started:
        Custom AuthenticationProcessingFilter for spring security to perform actions on login
        Last edited by Wolfram; Feb 12th, 2010, 09:16 AM. Reason: Added SavedRequestAwareAuthenticationSuccessHandler + SessionAuthenticationStrategy

        Comment

        Working...
        X