Announcement Announcement Module
Collapse
No announcement yet.
Multiple Authentication Filters Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple Authentication Filters

    I have a web app managed by spring and I need to implement two ways to get to the same resource /foo. One way is via SAML and the spring-security-saml2 extension (which I have working alone) and the other is a custom authentication filter that I have already written.

    The question is how to wire them up. I currently have both SAML and the custom filters defined:

    Code:
      <bean id="myAuthenticationFilter" class="com.myco.MyAuthenticationProcessingFilter" >
        <property name="myService" ref="myService"/>
        <property name="defaultTargetUrl" value="/foo"/>
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="filterProcessesUrl" value="/foo/kind1"/>
        <security:custom-filter before="AUTHENTICATION_PROCESSING_FILTER"/>
      </bean>
    and

    Code:
      <bean id="samlProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter" depends-on="bootstrap">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="defaultTargetUrl" value="/foo"/>
        <property name="filterProcessesUrl" value="/foo/kind2"/>
        <property name="webSSOprofile" ref="webSSOprofile" />
        <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
      </bean>
    and my http config like:

    Code:
      <security:http auto-config="false" entry-point-ref="defaultEntryPoint">
        <security:intercept-url pattern="/**" filters="none"/>
        <security:intercept-url pattern="/foo/**" access="IS_AUTHENTICATED_FULLY"/>
       </security:http>
    On kind2 I have a form login page and I need the parameters from the form to be passed to the filter. In both cases if I go to the kind1 or kind2 pages, I get the filter called with no preprocessing, i.e. no Form displayed with a submit and no initial SAML stuff.

    I think what I need is EntryPoints (there is one for SAML but not sure how to write a custom one) but I'm very confused as to how to wire this up. Any help would be much appreciated.

    r
Working...
X