
  • Spring Security 3 + Custom Filters Problem + <http authentication-failure-handler-ref

    Hi,

    I'm trying to implement a custom filter that will be invoked when a user makes a successful (or unsuccessful) login attempt.

    Here is my code snippet that performs the authentication attempt:

    Code:
    public void attemptLogin(String username, String password) {
        Authentication authenticationRequest = new UsernamePasswordAuthenticationToken(username, password);
        authenticationRequest = authManager.authenticate(authenticationRequest);
        if (authenticationRequest.isAuthenticated()) {
            SecurityContextHolder.getContext().setAuthentication(authenticationRequest);
        }
    }
    NB The request is coming from a Flex client via RemoteObject.

    This works & I can log in, as the following log statements illustrate:

    Code:
    10-04-01 15:00:53,732 - http-8080-3 - DEBUG - security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
    2010-04-01 15:00:53,732 - http-8080-3 - DEBUG - ilm.util.TycoReloadableResourceBundleMessageSource - Loading properties [messages.properties]
    2010-04-01 15:00:53,732 - http-8080-3 - DEBUG - ilm.util.TycoReloadableResourceBundleMessageSource - No properties file found for [WEB-INF/locale/messages_en] - neither plain properties nor XML
    2010-04-01 15:00:53,732 - http-8080-3 - DEBUG - ilm.util.TycoReloadableResourceBundleMessageSource - Loading properties [messages_en_GB.properties]
    2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - web.access.ExceptionTranslationFilter - Chain processed normally
    2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - web.context.HttpSessionSecurityContextRepository - SecurityContext stored to HttpSession: '[email protected]f5eed: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b65f5eed: Principal: org.springframework.security.core.userdetails.User@f6ceba80: Username: kevk; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN'
    2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - flex.security3.SessionFixationProtectionPostProcessor$PriorityOrderedRequestContextFilter - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@b8ea59
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /index.html; matched=false
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /**/*.swf; matched=false
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /**/*.js; matched=false
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /**; matched=true
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 1 of 9 in additional filter chain; firing Filter: 'org.springframework.flex.security3.SessionFixationProtectionPostProcessor$PriorityOrderedRequestContextFilter@16401d3'
    2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - flex.security3.SessionFixationProtectionPostProcessor$PriorityOrderedRequestContextFilter - Bound request context to thread: org.apache.catalina.connector.RequestFacade@174ba2a
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 2 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6a400c'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]f5eed: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b65f5eed: Principal: org.springframework.security.core.userdetails.User@f6ceba80: Username: kevk; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 3 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1d34b59'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 4 of 9 in additional filter chain; firing Filter: 'com.tycoelectronics.northwales.ilm.util.TycoAuthenticationProcessingFilter@f7ca3a'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 5 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1fdb097'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 6 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5495cf'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - web.authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b65f5eed: Principal: org.springframework.security.core.userdetails.User@f6ceba80: Username: kevk; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 7 of 9 in additional filter chain; firing Filter: '[email protected]1375169'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 8 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@c1d588'
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 9 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1a9efcd'
    The problem is my custom filter is not being invoked, despite it saying in the logs:

    Code:
    2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 4 of 9 in additional filter chain; firing Filter: 'com.tycoelectronics.northwales.ilm.util.TycoAuthenticationProcessingFilter@f7ca3a'
    My successfulAuthentication() & unsuccessfulAuthentication() methods are never invoked, (note, my class extends UsernamePasswordAuthenticationFilter)

    Also, the authentication-failure-handler-ref bean is never invoked either!



    Here is my appSecurityContext.xml:

    Code:
    <http servlet-api-provision="false" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern="/index.html" filters="none"/>
        <intercept-url pattern="/**/*.swf" filters="none"/>
        <intercept-url pattern="/**/*.js" filters="none"/>
        <!-- intercept-url pattern="/**" access="ROLE_USER"/ -->
        <form-login login-page="/index.html" authentication-failure-handler-ref="failHand"/>
        <custom-filter ref="authenticationProcessingFilter" after="FORM_LOGIN_FILTER" />
    </http>

    <beans:bean id="authenticationProcessingFilter" class="com.tycoelectronics.northwales.ilm.util.TestAuthenticationProcessingFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="failHand"
            class="com.tycoelectronics.northwales.ilm.util.TycoAuthenticationHandler" />

    <beans:bean id="authenticationProcessingFilterEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/index.html" />
        <beans:property name="forceHttps" value="false" />
    </beans:bean>
    Can somebody please help! I just cannot get any filter or handler to work, all I want is a filter to be informed when a user successfully authenticates (or not)

    Thanks in advance,

    Kevin

  • #2
    try this config
    Code:
    <http servlet-api-provision="false" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern="/index.html" filters="none"/>
        <intercept-url pattern="/**/*.swf" filters="none"/>
        <intercept-url pattern="/**/*.js" filters="none"/>
        <!-- intercept-url pattern="/**" access="ROLE_USER"/ -->
        <!-- form-login login-page="/index.html" authentication-failure-handler-ref="failHand"/ -->
        <custom-filter ref="authenticationProcessingFilter" position="FORM_LOGIN_FILTER" />
    </http>

    <beans:bean id="authenticationProcessingFilter" class="com.tycoelectronics.northwales.ilm.util.TestAuthenticationProcessingFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="failHand"
            class="com.tycoelectronics.northwales.ilm.util.TycoAuthenticationHandler" />

    <beans:bean id="authenticationProcessingFilterEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/index.html" />
        <beans:property name="forceHttps" value="false" />
    </beans:bean>



    • #3
      I think you'll need to post the code of the whole filter. If you're intending to override the attemptAuthentication method in UsernamePasswordAuthenticationFilter, you don't have the correct method signature, which is:

      public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException

      If it's not your intent to override this method, then please post all relevant code, since we can't guess where your method would be called from
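
Added example, not part of the thread and not the poster's code: a filter subclass whose overrides match the superclass signatures quoted in #3, assuming Spring Security 3.0.x and the servlet API on the classpath. The class name `LoginAuditFilter` and the log message format are hypothetical.

```java
import java.io.IOException;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Hypothetical class name; stands in for the custom filter discussed in the thread.
public class LoginAuditFilter extends UsernamePasswordAuthenticationFilter {

    private static final Logger LOG = Logger.getLogger(LoginAuditFilter.class.getName());

    // @Override makes the compiler reject any signature that does not match the
    // superclass (for example attemptLogin(String, String)), instead of silently
    // adding an unrelated method that the filter chain never calls.
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        return super.attemptAuthentication(request, response);
    }

    // The superclass invokes the two callbacks below only while it is handling
    // a request it treats as a login submission.
    @Override
    protected void successfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult)
            throws IOException, ServletException {
        LOG.info("login ok user=" + authResult.getName()
                + " ip=" + request.getRemoteAddr());
        super.successfulAuthentication(request, response, authResult);
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException failed)
            throws IOException, ServletException {
        // Record the failure type and source only; never the submitted password.
        LOG.warning("login failed reason=" + failed.getClass().getSimpleName()
                + " ip=" + request.getRemoteAddr());
        super.unsuccessfulAuthentication(request, response, failed);
    }
}
```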
