Announcement Announcement Module
Collapse
No announcement yet.
Can't hit custom AuthenticationProvider Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't hit custom AuthenticationProvider

    I created custom AuthenticationProvider and post the request to "/j_spring_security_check" with parameters "j_username" and "j_password".
    But I don't hit this provider class. Why?

    Here is configuration:

    Code:
       <security:http>
            <security:intercept-url pattern="/js/**" filters="none"/>
            <security:intercept-url pattern="/images/**" filters="none"/>
            <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
            <security:intercept-url pattern="/secured/**" access="ROLE_SECURED" />
            <security:form-login login-page='/login.action'/>
        </security:http>
        
    <security:authentication-manager>
        <security:authentication-provider ref="myAuthenticationProvider"/>
    </security:authentication-manager>
    
        <bean id="myAuthenticationProvider" class="MyAuthenticationProvider"/>
    
    
    public class MyAuthenticationProvider implements AuthenticationProvider 
    {
    
        public Authentication authenticate(Authentication authentication) throws AuthenticationException
        {
             //I never hit this class

  • #2
    Do you have the following filter defined in your web.xml?

    Code:
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>

    Comment


    • #3
      Originally posted by amiladomingo View Post
      Do you have the following filter defined in your web.xml?

      Code:
      	<filter>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      	</filter>
      
      	<filter-mapping>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<url-pattern>/*</url-pattern>
      	</filter-mapping>
      Yes. I can't access secured urls, this means - this filter works.
      But why I don't hit MyAuthenticationProvider?

      Comment


      • #4
        Did you ensure to properly implement MyAuthenticationProvider.supports method properly? If you never return true the authenticate method will never be called.

        Comment


        • #5
          Can you post MyAuthenticationProvider implementation?

          Other thing is why can't you extend the AbstractUserDetailsAuthenticationProvider. if you extend this, you'll only have to implement additionalAuthenticationChecks and retrieveUser. But this class is meant to be extended by classes that indent to work with UserDetails and UsernamePasswordAuthenticationToken.

          Comment


          • #6
            Did you ensure to properly implement MyAuthenticationProvider.supports method properly? If you never return true the authenticate method will never be called.
            MyAuthenticationProvider.supports??? What is it? Can't find it in reference.
            Other thing is why can't you extend the AbstractUserDetailsAuthenticationProvider. if you extend this, you'll only have to implement additionalAuthenticationChecks and retrieveUser. But this class is meant to be extended by classes that indent to work with UserDetails and UsernamePasswordAuthenticationToken.
            Can you post links to samples with such implementations?

            Comment


            • #7
              Sample implementation. Inject your UserDao (or any other class that provides a way to retrieve user details) to this class and retrieve the user from it (inside retrieveUser method).

              Code:
              public class AuthenticationProvider extends
              		AbstractUserDetailsAuthenticationProvider {
              
              	@Override
              	public UserDetails retrieveUser(String userName,
              			UsernamePasswordAuthenticationToken authentication) {
              
              		// Add the logic that will retrieve the user details (user account
              		// statuses and granted authorities)
              		return null;
              	}
              
              	@Override
              	protected void additionalAuthenticationChecks(
              			org.springframework.security.core.userdetails.UserDetails userDetails,
              			UsernamePasswordAuthenticationToken authentication)
              			throws AuthenticationException {
              		// Add any additional checks of a returned UserDetails
              	}
              }
              Extending AbstractUserDetailsAuthenticationProvider saves you from not implementing supports method

              Comment


              • #8
                Maybe I understand something wrong...
                I guess I must hit method AuthenticationProvider.retrieveUser (or AuthenticationProvider.authenticate) after posting request to to "/j_spring_security_check" with parameters "j_username" and "j_password".
                Is it correctly?

                Comment


                • #9
                  Hey, try something like this,

                  Code:
                  <security:authentication-manager>
                      <security:authentication-provider>
                        <security:user-service>
                          <security:user name="jimi" password="jimi" authorities="ROLE_ADMIN" />
                          <security:user name="bob" password="bob" authorities="ROLE_SECURED" />
                        </security:user-service>
                      </security:authentication-provider>
                    </security:authentication-manager>
                  If this works, then we know there is nothing wrong with the way you have configured JSPs, web.xml and FilterChainProxy

                  Comment


                  • #10
                    Originally posted by amiladomingo View Post
                    Hey, try something like this,

                    Code:
                    <security:authentication-manager>
                        <security:authentication-provider>
                          <security:user-service>
                            <security:user name="jimi" password="jimi" authorities="ROLE_ADMIN" />
                            <security:user name="bob" password="bob" authorities="ROLE_SECURED" />
                          </security:user-service>
                        </security:authentication-provider>
                      </security:authentication-manager>
                    If this works, then we know there is nothing wrong with the way you have configured JSPs, web.xml and FilterChainProxy
                    Yes, it works. But I when I use custom AuthenticationProvider, can't hit neither AuthenticationProvider.retrieveUser nor AuthenticationProvider.authenticate.

                    Comment


                    • #11
                      But I when I use custom AuthenticationProvider, can't hit neither AuthenticationProvider.retrieveUser nor AuthenticationProvider.authenticate.
                      Are you implementing the AuthenticationProvider or extending something like AbstractUserDetailsAuthenticationProvider?

                      Is there a way to attach your code?

                      Comment


                      • #12
                        Originally posted by amiladomingo View Post
                        Are you implementing the AuthenticationProvider or extending something like AbstractUserDetailsAuthenticationProvider?

                        Is there a way to attach your code?
                        I use your code, that you posted earlier with blank methods. I just added debug breakpoints there:

                        Code:
                        public class MyAuthenticationProvider extends
                                AbstractUserDetailsAuthenticationProvider
                        {
                        
                            @Override
                                public UserDetails retrieveUser(String userName,
                                        UsernamePasswordAuthenticationToken authentication) {
                        
                                    return null;  //BREAKPOINT
                                }
                        
                                @Override
                                protected void additionalAuthenticationChecks(
                                        org.springframework.security.core.userdetails.UserDetails userDetails,
                                        UsernamePasswordAuthenticationToken authentication)
                                        throws AuthenticationException {
                                    int a=0;
                                    a++;      //BREAKPOINT
                                }

                        Comment


                        • #13
                          Security configurations are also the same as you posted?

                          Comment


                          • #14
                            Hey, try adding auto-config="true"

                            Code:
                            <security:http auto-config="true">

                            Comment


                            • #15
                              Originally posted by amiladomingo View Post
                              Security configurations are also the same as you posted?
                              Yes, but also I use <global-method-security pre-post-annotations="enabled" />

                              Originally posted by amiladomingo View Post
                              Hey, try adding auto-config="true"

                              Code:
                              <security:http auto-config="true">
                              That doesn't help.

                              Comment

                              Working...
                              X