Announcement Announcement Module
Collapse
No announcement yet.
How/where can I manage Authentication at SecurityContext in pre-authentation Scenario Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How/where can I manage Authentication at SecurityContext in pre-authentation Scenario

    hi All,

    I wonder how/where can I manage Authentication at SecurityContext in pre-authentation Scenario.

    I am using spring security 2.x to implement pre-authentation Scenario in my project. now, it patially work.

    After user login by pre-authentation process, they can be authrozied with relevant roles, and are able to acecess resources which defined in security:filter.

    e.g.

    <security:filter-invocation-definition-source lowercase-comparisons="true" path-type="ant">
    <security:intercept-url pattern="/resource/**" access="ROLE_ADMIN" />


    In a some controller, I want to check principal in security content.

    Code:
    public abstract class AbstractUserAuthenticationController extends AbstractController
    {
    	protected boolean isAuthenticated(String userName)
    	{	
    		Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); // where issue come up
    But SecurityContextHolder.getContext().getAuthenticati on() always return null.

    In addition, I also can not use secuiry tag in jsp to check if user has relative roles

    <security:authorize ifNotGranted="ROLE_ADMIN">

    no role found

    </security:authorize>


    Below shows the "filterChainProxy" I am using.

    Code:
    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT 
          /*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor      
          /**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
        </value>
      </property>
    </bean>

    <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.prea uth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
    </bean>

    <bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticatio nUserDetailsService" >
    <property name="userService" ref="userService" />
    </bean>

    <bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilte r">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="userService" ref="userService" />
    </bean>

    I think I need to set Authentication to SecurityContext in somewhere, But I do not know where/where.

    What I am missing? Can anyone provide me some clues?

    Thanks!

    Ian

  • #2
    What does AutoLoginFilter look like? I'm not sure what you are doing, but you might take a look at X509AuthenticationFilter as an example/replacement. Does the AutoLoginFilter call SecuirtyContextHolder.getContext().setAuthenticati on()? See the AbstractPreAuthenticatedProcessingFilter for an example. Remember that the authenticationManager will have to have an AuthenticationProvider that handles the PreAuthenticatedAuthenticationToken. You might post the rest of your Spring configuration.

    Comment

    Working...
    X