ANewSpring
May 2nd, 2012, 07:19 PM
Hi. I'm trying to get the skeleton of Spring 3.1 Pre Authentication Filter working.
I based my code off of this SpringSourceBlog article (http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/).
I'm getting this error message telling me that I need to set my AuthenticationManager, which, I think I am:
org.springframework.beans.factory.BeanCreationExce ption:
Error creating bean with name 'org.springframework.security.filterChains':
Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityF ilterChain#0'
while setting bean property 'sourceList' with key [0];
nested exception is org.springframework.beans.factory.BeanCreationExce ption:
Error creating bean with name 'org.springframework.security.web.DefaultSecurityF ilterChain#0':
Cannot resolve reference to bean 'customFilter'
while setting constructor argument with key [2];
nested exception is org.springframework.beans.factory.BeanCreationExce ption:
Error creating bean with name 'customFilter'
defined in ServletContext resource [/WEB-INF/acme-security.xml]:
Invocation of init method failed; nested exception is java.lang.IllegalArgumentException:
An AuthenticationManager must be set
I'm new to Spring, so maybe that is why I don't see what I am not doing. I Googled on similar examples and I can't seem to ferret out what I left undone.
Here is the code for my skeleton Pre Authentication filter:
package com.acme.controller.security;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.security.authentication.Authen ticationDetailsSource;
import org.springframework.security.authentication.Authen ticationManager;
import org.springframework.security.authentication.Authen ticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationEx ception;
import org.springframework.security.core.context.Security ContextHolder;
import org.springframework.security.web.authentication.Au thenticationFailureHandler;
import org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.pr eauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.Si mpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.We bAuthenticationDetails;
import org.springframework.security.web.authentication.We bAuthenticationDetailsSource;
import org.apache.log4j.Logger;
public class CustomIPAddressAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final Logger logger = Logger.getLogger(CustomIPAddressAuthenticationFilt er.class);
private AuthenticationDetailsSource ads = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthenticati on();
if (authentication == null) {
boolean isAuthenticatedByIP = false;
// Get the IP address of the user tyring to use the site
String userIPAddress = request.getRemoteAddr();
logger.debug("userIPAddress == " + userIPAddress);
// Compare the user's IP Address with the IP address in the database
// stored in the USERS_AUTHENTICATED_BY_IP table & joined to the
// USERS tabe to make sure the IP Address has a current user
//isAuthenticatedByIP = someDataObject.hasIPAddress(userIPAddress);
isAuthenticatedByIP = true;
if(isAuthenticatedByIP){
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("John.Principal","Password");
token.setDetails(ads.buildDetails(request));
try{
logger.debug("Going to set Authentication");
authentication = authenticationManager.authenticate(token);
// Setup the security context, aka authenticate
SecurityContextHolder.getContext().setAuthenticati on(authentication);
logger.debug("Authenticated");
}
catch(AuthenticationException e){
logger.debug("Authentication information was rejected by the authentication manager \n",e);
failureHandler.onAuthenticationFailure((HttpServle tRequest)request, (HttpServletResponse)response, e);
}
}// end if(isAuthenticatedByIP)
}// end if(authenication == null)
chain.doFilter(request, response);
}// end function doFilter();
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setFailureHandler(AuthenticationFailureHandler failureHandler) {
this.failureHandler = failureHandler;
}
protected String getPreAuthenticatedPrincipal(javax.servlet.http.Ht tpServletRequest request){
return "Joe.IP.User";
}
protected String getPreAuthenticatedCredentials(javax.servlet.http. HttpServletRequest request){
return "Password2";
}
}
Here is my *-security.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<s:http auto-config="true" use-expressions="true">
<s:intercept-url pattern="/login*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/search*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/css/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/js/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/images/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/jsp/test*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/**" access="isAuthenticated()" />
<s:custom-filter position="PRE_AUTH_FILTER" ref="customFilter" />
<s:form-login login-page="/login"
authentication-failure-url="/loginfailed" />
<s:logout logout-success-url="/logout" />
</s:http>
<bean id="customFilter" class="com.acme.controller.security.CustomIPAddressAuthen ticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<s:ldap-server url = "ldap://ldap-itc.smen.acme.com:636/o=acme.com"/>
<s:authentication-manager alias="authenticationManager">
<s:ldap-authentication-provider user-dn-pattern="uid={0},ou=People"/>
</s:authentication-manager>
</beans>
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Acme</display-name>
<!--welcome-file-list>
<welcome-file>/login</welcome-file>
</welcome-file-list-->
<servlet>
<servlet-name>acme</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>acme</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Help Find The Spring Config Files -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListe ner
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/nsd-servlet.xml,
/WEB-INF/nsd-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterPro xy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Integrate A Legacy Screen Done With A Servlet -->
<servlet>
<servlet-name>HelloWorldServlet</servlet-name>
<servlet-class>
com.legacy.HelloWorldServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HelloWorldServlet</servlet-name>
<url-pattern>/helloworldservlet</url-pattern>
</servlet-mapping>
</web-app>
Thanks in advance for any ideas
I based my code off of this SpringSourceBlog article (http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/).
I'm getting this error message telling me that I need to set my AuthenticationManager, which, I think I am:
org.springframework.beans.factory.BeanCreationExce ption:
Error creating bean with name 'org.springframework.security.filterChains':
Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityF ilterChain#0'
while setting bean property 'sourceList' with key [0];
nested exception is org.springframework.beans.factory.BeanCreationExce ption:
Error creating bean with name 'org.springframework.security.web.DefaultSecurityF ilterChain#0':
Cannot resolve reference to bean 'customFilter'
while setting constructor argument with key [2];
nested exception is org.springframework.beans.factory.BeanCreationExce ption:
Error creating bean with name 'customFilter'
defined in ServletContext resource [/WEB-INF/acme-security.xml]:
Invocation of init method failed; nested exception is java.lang.IllegalArgumentException:
An AuthenticationManager must be set
I'm new to Spring, so maybe that is why I don't see what I am not doing. I Googled on similar examples and I can't seem to ferret out what I left undone.
Here is the code for my skeleton Pre Authentication filter:
package com.acme.controller.security;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.security.authentication.Authen ticationDetailsSource;
import org.springframework.security.authentication.Authen ticationManager;
import org.springframework.security.authentication.Authen ticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationEx ception;
import org.springframework.security.core.context.Security ContextHolder;
import org.springframework.security.web.authentication.Au thenticationFailureHandler;
import org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.pr eauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.Si mpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.We bAuthenticationDetails;
import org.springframework.security.web.authentication.We bAuthenticationDetailsSource;
import org.apache.log4j.Logger;
public class CustomIPAddressAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final Logger logger = Logger.getLogger(CustomIPAddressAuthenticationFilt er.class);
private AuthenticationDetailsSource ads = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthenticati on();
if (authentication == null) {
boolean isAuthenticatedByIP = false;
// Get the IP address of the user tyring to use the site
String userIPAddress = request.getRemoteAddr();
logger.debug("userIPAddress == " + userIPAddress);
// Compare the user's IP Address with the IP address in the database
// stored in the USERS_AUTHENTICATED_BY_IP table & joined to the
// USERS tabe to make sure the IP Address has a current user
//isAuthenticatedByIP = someDataObject.hasIPAddress(userIPAddress);
isAuthenticatedByIP = true;
if(isAuthenticatedByIP){
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("John.Principal","Password");
token.setDetails(ads.buildDetails(request));
try{
logger.debug("Going to set Authentication");
authentication = authenticationManager.authenticate(token);
// Setup the security context, aka authenticate
SecurityContextHolder.getContext().setAuthenticati on(authentication);
logger.debug("Authenticated");
}
catch(AuthenticationException e){
logger.debug("Authentication information was rejected by the authentication manager \n",e);
failureHandler.onAuthenticationFailure((HttpServle tRequest)request, (HttpServletResponse)response, e);
}
}// end if(isAuthenticatedByIP)
}// end if(authenication == null)
chain.doFilter(request, response);
}// end function doFilter();
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setFailureHandler(AuthenticationFailureHandler failureHandler) {
this.failureHandler = failureHandler;
}
protected String getPreAuthenticatedPrincipal(javax.servlet.http.Ht tpServletRequest request){
return "Joe.IP.User";
}
protected String getPreAuthenticatedCredentials(javax.servlet.http. HttpServletRequest request){
return "Password2";
}
}
Here is my *-security.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<s:http auto-config="true" use-expressions="true">
<s:intercept-url pattern="/login*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/search*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/css/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/js/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/images/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/jsp/test*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/**" access="isAuthenticated()" />
<s:custom-filter position="PRE_AUTH_FILTER" ref="customFilter" />
<s:form-login login-page="/login"
authentication-failure-url="/loginfailed" />
<s:logout logout-success-url="/logout" />
</s:http>
<bean id="customFilter" class="com.acme.controller.security.CustomIPAddressAuthen ticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<s:ldap-server url = "ldap://ldap-itc.smen.acme.com:636/o=acme.com"/>
<s:authentication-manager alias="authenticationManager">
<s:ldap-authentication-provider user-dn-pattern="uid={0},ou=People"/>
</s:authentication-manager>
</beans>
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Acme</display-name>
<!--welcome-file-list>
<welcome-file>/login</welcome-file>
</welcome-file-list-->
<servlet>
<servlet-name>acme</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>acme</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Help Find The Spring Config Files -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListe ner
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/nsd-servlet.xml,
/WEB-INF/nsd-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterPro xy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Integrate A Legacy Screen Done With A Servlet -->
<servlet>
<servlet-name>HelloWorldServlet</servlet-name>
<servlet-class>
com.legacy.HelloWorldServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HelloWorldServlet</servlet-name>
<url-pattern>/helloworldservlet</url-pattern>
</servlet-mapping>
</web-app>
Thanks in advance for any ideas