Announcement Announcement Module
Collapse
No announcement yet.
preauthentication in spring Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • preauthentication in spring

    hi all,
    i am very new to spring and trying to use spring security preauthentication.

    following are the configuration i did:

    security-context.xml
    -------------------------

    <http auto-config='true' use-expressions="true">
    <intercept-url pattern="/search.html" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/edit.html" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/login.html" access="permitAll" />
    <intercept-url pattern="/static/**" access="permitAll" />
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/**" access="permitAll" />
    <form-login login-page="/login.html" login-processing-url="/loginProcess.html"
    default-target-url="/search.html" />
    <logout logout-url="/logout.html" />
    <custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER" />
    </http>

    <!--
    naveen:newyork
    jyoti:newjersey
    -->

    <beans:bean id="siteminderFilter"
    class="com.spring.security.web.security.CustomRequ estHeaderAuthenticationFilter">
    <beansroperty name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="preauthAuthProvider"
    class="org.springframework.security.web.authentica tion.preauth.PreAuthenticatedAuthenticationProvide r">
    <beansroperty name="preAuthenticatedUserDetailsService">
    <beans:bean id="userDetailsServiceWrapper"
    class="org.springframework.security.core.userdetai ls.UserDetailsByNameServiceWrapper">
    <beansroperty name="userDetailsService" ref="userDetailsService" />
    </beans:bean>
    </beansroperty>
    </beans:bean>
    <beans:bean id="userDetailsService"
    class="com.spring.security.web.model.service.UserD etailsServiceImpl"></beans:bean>

    <authentication-manager alias="authenticationManager">
    <authentication-provider ref="preauthAuthProvider" />
    </authentication-manager>

    ======================
    Login.jsp
    -----------
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
    <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
    <form action="loginProcess.html" method="post">
    <table class="search">
    <tr>
    <td>Username</td>
    <td><input type="text" name="j_username" id="j_username" /></td>
    </tr>
    <tr>
    <td>Password</td>
    <td><input type="password" name="j_password" id="j_password" /></td>
    </tr>
    <tr>
    <td><input name="submit" id="submit" type="submit" value="Login" /></td>
    <td></td>
    </tr>
    </table>
    </form>


    =====================
    CustomRequestHeaderAuthenticationFilter.java which extends AbstractPreAuthenticatedProcessingFilter
    package com.spring.security.web.security;

    //import javax.servlet.http.Cookie;

    import javax.servlet.http.HttpServletRequest;

    import org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter;

    //import org.springframework.security.web.authentication.pr eauth.RequestHeaderAuthenticationFilter;

    //import org.springframework.security.web.authentication.pr eauth.RequestHeaderAuthenticationFilter;

    public class CustomRequestHeaderAuthenticationFilter extends
    AbstractPreAuthenticatedProcessingFilter {

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
    // TODO Auto-generated method stub
    String password = request.getParameter("j_password");
    return password;
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // TODO Auto-generated method stub
    String username = request.getParameter("j_username");
    return username;
    }

    }


    =======================
    UserDetailServiceImpl
    ---------------------

    package com.spring.security.web.model.service;

    import java.util.ArrayList;

    import org.springframework.dao.DataAccessException;
    import org.springframework.security.core.GrantedAuthority ;
    import org.springframework.security.core.authority.Grante dAuthorityImpl;
    import org.springframework.security.core.userdetails.User Details;
    import org.springframework.security.core.userdetails.User DetailsService;
    import org.springframework.security.core.userdetails.User nameNotFoundException;

    import org.springframework.security.core.userdetails.User ;

    public class UserDetailsServiceImpl implements UserDetailsService {

    GrantedAuthorityImpl roleUser = new GrantedAuthorityImpl("ROLE_USER");
    GrantedAuthorityImpl roleAdmin = new GrantedAuthorityImpl("ROLE_ADMIN");

    @Override
    public UserDetails loadUserByUsername(String username)
    throws UsernameNotFoundException, DataAccessException {
    // TODO Auto-generated method stub

    User user = null;

    ArrayList<GrantedAuthority> userAuth = new ArrayList<GrantedAuthority>();
    ArrayList<GrantedAuthority> adminAuth = new ArrayList<GrantedAuthority>();
    userAuth.add(roleUser);
    adminAuth.add(roleUser);
    adminAuth.add(roleAdmin);

    if (username.equals("naveen")) {
    user = new User("naveen", "369389d19e24204b4927e30dd7c39efc", true, true, true, true,
    adminAuth);
    } else if (username.equals("jyoti")) {
    user = new User("jyoti", "newjersey", true, true, true, true,
    userAuth);
    } else {
    throw new UsernameNotFoundException("User Does not exist!");
    }

    return user;
    }

    }


    ======================

    this displays the login page fine. but when i login using credentials, nthing happenes and the same login page appears again n again
    =========================

    i used the same application with just the default spring security and it worked fine ther. can anyone have a look in the codes and help me

  • #2
    preauthentication in spring

    I am not sure regarding your security-context.xml.
    But what i know is if you want to customize spring security.. you need to write authenticationprocessingfilter with appropriate property values in xml file.

    any specific reason behind doing this with preauthentication?

    I don't see any need for preauthentication here. Its simple authentication process.. is that right?

    Comment

    Working...
    X