Announcement Announcement Module
Collapse
No announcement yet.
Can't hit custom AuthenticationProvider Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    This works,

    Code:
    	<security:http auto-config="true">
    		<security:intercept-url pattern="/js/**" filters="none" />
    		<security:intercept-url pattern="/images/**" filters="none" />
    		<security:intercept-url pattern="/admin/**"	access="ROLE_ADMIN" />
    		<security:intercept-url pattern="/secured/**" access="ROLE_SECURED" />
    		<security:form-login login-page='/login.action' />
    	</security:http>
    
    	<security:authentication-manager>
    		<security:authentication-provider>
    			<security:user-service>
    				<security:user name="jimi" password="jimi" authorities="ROLE_ADMIN" />
    				<security:user name="bob" password="bob" authorities="ROLE_SECURED" />
    			</security:user-service>
    		</security:authentication-provider>
    	</security:authentication-manager>
    But this doesn't

    Code:
    	<security:http auto-config="true">
    		<security:intercept-url pattern="/js/**" filters="none" />
    		<security:intercept-url pattern="/images/**" filters="none" />
    		<security:intercept-url pattern="/admin/**"	access="ROLE_ADMIN" />
    		<security:intercept-url pattern="/secured/**" access="ROLE_SECURED" />
    		<security:form-login login-page='/login.action' />
    	</security:http>
    
    	<security:authentication-manager alias="authenticationManager">
    		<security:authentication-provider
    			ref="authenticationProvider" />
    	</security:authentication-manager>
    
    	<bean id="authenticationProvider"
    		class="com.AuthenticationProvider"/>
    That's weired

    Comment


    • #17
      Could you please post your most recent configuration file for Spring Security? If you have configured your AuthenticationProvider implementation correctly, it should be hitting the retrieveUser method.

      A couple other sanity checks:
      - You say your debugger never hits the breakpoint. Try setting a breakpoint somewhere you *know* it will hit, for example, in UsernamePasswordAuthenticationFilter. Does the breakpoint fire?
      - Are you using "Remember Me"? If you are, and you are bypassing the login form, then your provider will not be called.
      - You say it works if you are using the hard-coded usernames and passwords (from InMemoryDaoImpl). When you test your custom authentication provider, are you removing all other configured authentication providers?
      - What exactly is your custom AuthenticationProvider _doing_?

      Thanks in advance! Please answer all questions completely so we can help you better.

      Comment


      • #18
        Here are all my recent configurations:

        web.xml:
        Code:
        <?xml version="1.0" encoding="UTF-8"?>
        <web-app id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
        
         <display-name>Struts Blank</display-name>
        
        <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        
        <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        </filter-mapping>
        
            <context-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>
                    /WEB-INF/applicationContext.xml
                    /WEB-INF/applicationContext-security.xml
                    classpath:corp-spring*
                </param-value>
            </context-param>
        
            <filter>
                <filter-name>struts2</filter-name>
                <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
            </filter>
        
            <filter-mapping>
                <filter-name>struts2</filter-name>
                <url-pattern>/*</url-pattern>
            </filter-mapping>
        
            <welcome-file-list>
                <welcome-file>index.html</welcome-file>
            </welcome-file-list>
        
            <listener>
                <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>
            </listener>
        
            <listener>
                <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
            </listener>
        
        </web-app>
        applicationContext-security:
        Code:
        <beans xmlns:security="http://www.springframework.org/schema/security"
                 xmlns="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
        
            <security:http auto-config="true">
                 <security:intercept-url pattern="/js/**" filters="none"/>
                 <security:intercept-url pattern="/images/**" filters="none"/>
                 <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
                 <security:intercept-url pattern="/secured/**" access="ROLE_SECURED" />
                 <security:form-login login-page='/login.action' default-target-url='/dashboard.action'/>
             </security:http>
        
         <security:authentication-manager>
             <security:authentication-provider ref="myAuthenticationProvider"/>
         </security:authentication-manager>
        
        <bean id="myAuthenticationProvider" class="com.colvir.portal.security.MyAuthenticationProvider"/>
        </beans>
        In jsp for test purposes I use simple html form:
        Code:
        <form action="j_spring_security_check" name="myform" method="post">
           <input type="text" name="j_username" value="aaa">
           <input type="text" name="j_password" value="bbb">
            <input name="Submit" type=submit value="Submit">
        </form>
        MyAuthenticationProvider you can see in my upper post. Now it's doing nothing. But I want to call there my service method UserService.authentificate(String username, String password).

        Comment


        • #19
          One thing I notice is that you don't have intercept-url patterns covering your whole application (I assume). What happens when you enter credentials in your login form? Do you get logged in? Do you get an error? What page do you end up at?

          Also, try turning on DEBUG level logging for org.springframework.security - it may help you out.

          Please answer all my questions when you reply next - thanks!

          Comment


          • #20
            Originally posted by kostepanych View Post
            MyAuthenticationProvider.supports??? What is it? Can't find it in reference.

            Can you post links to samples with such implementations?
            In the first post the code did not extend AbstractUserDetailsAuthenticationProvider and so you would need to ensure that MyAuthenticationProvider.supports returns true for supporting a UsernamePasswordAuthenticationToken. An example can be found in the AbstractUserDetailsAuthenticationProvider.supports method. Now that you are extending AbstractUserDetailsAuthenticationProvider the method is already implemented correctly for you. Given that, I would doubt this is your issue.

            I recommend that you follow Peter's (pmularien) steps especially enabling debugging. If looking at the logs does not help you, paste your logs on the forum and that will likely be enough for someone to assist you.

            Comment


            • #21
              I receive ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.Userna mePasswordAuthenticationToken:

              Code:
              17:50:15,937 DEBUG FilterChainProxy:195 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
              17:50:15,937 DEBUG FilterChainProxy:202 - Candidate is: '/j_spring_security_check'; pattern is /js/**; matched=false
              17:50:15,937 DEBUG FilterChainProxy:195 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
              17:50:15,937 DEBUG FilterChainProxy:202 - Candidate is: '/j_spring_security_check'; pattern is /images/**; matched=false
              17:50:15,937 DEBUG FilterChainProxy:195 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
              17:50:15,937 DEBUG FilterChainProxy:202 - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
              17:50:15,937 DEBUG FilterChainProxy:375 - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
              17:50:15,937 DEBUG HttpSessionSecurityContextRepository:142 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
              17:50:15,937 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1646cc0. A new one will be created.
              17:50:15,937 DEBUG FilterChainProxy:375 - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
              17:50:15,937 DEBUG FilterChainProxy:375 - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
              17:50:15,937 DEBUG UsernamePasswordAuthenticationFilter:193 - Request is to process authentication
              17:50:15,984 DEBUG XmlWebApplicationContext:301 - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@12e80: Principal: aaa; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: BB86612B948D92F37FEFAEDAD222551E; Not granted any authorities]
              17:50:15,984 DEBUG UsernamePasswordAuthenticationFilter:318 - Authentication request failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
              17:50:15,984 DEBUG UsernamePasswordAuthenticationFilter:319 - Updated SecurityContextHolder to contain null Authentication
              17:50:15,984 DEBUG UsernamePasswordAuthenticationFilter:320 - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@13d2bab
              17:50:15,984 DEBUG SimpleUrlAuthenticationFailureHandler:67 - Redirecting to /login.action
              17:50:15,984 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/login.action'
              Full log is here: http://rapidshare.com/files/443075197/portal.log

              What happens when you enter credentials in your login form? Do you get logged in? Do you get an error? What page do you end up at?
              In normal working app I should enter dashboard.action (default-target-url in config), and with config <security:user name="jimi" password="jimi" authorities="ROLE_ADMIN" /> I hit it.
              Now nothing happened: I allways stay on login page.
              Last edited by kostepanych; Jan 17th, 2011, 10:31 AM.

              Comment


              • #22
                Originally posted by kostepanych View Post
                I receive ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.Userna mePasswordAuthenticationToken:
                This sounds like the MyAuthenticationProvider.supports method is not returning true. Try adding a debug point to it and see if it returns true.

                Comment


                • #23
                  Thanks to all. The debugging resolved the problem. It was my stupid inattention mistake.

                  Also I have small question. To mark authentification error I use authentication-failure-url="/login.action?login_error=1", and check login_error param in JSP.
                  But maybe there are some parameters that are set automatically in case of bad login?

                  Comment


                  • #24
                    No,

                    When authentication fails, it returns nothing. That time the url in "authentication-failure-url" will be display in url section.

                    Comment


                    • #25
                      Originally posted by kostepanych View Post
                      But maybe there are some parameters that are set automatically in case of bad login?
                      You could check the session to see if the SPRING_SECURITY_LAST_EXCEPTION attribute is set. Just make sure you delete it if it is there, so that the user doesn't continue to see the error.

                      Comment

                      Working...
                      X