Bypass login page
I've been given an application which uses Spring Security and would like to know how I can bypass the login page. I have a Filter which adds a Kerberos key object after successfull AD authentication. Now since there was no handover I have no idea how to bypass the login page.
The application is setup as follows:
1. Proxy login (not part of application)
2. My AD authentication filter
3. Login page (need to bypass)
4. Main page with user views.
Please assist. This is the spring security config file...
Code:<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> <security:http auto-config="false" entry-point-ref="authenticationEntryPoint"> <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/> <security:intercept-url pattern='/cxf/**' access='ROLE_USER'/> <security:logout invalidate-session="true" logout-url="/cxf/portal/login/end" success-handler-ref="logoutHandler"/> </security:http> <bean id="logoutHandler" class="com.foo.security.DefaultLogoutSuccessHandler"> <constructor-arg ref="sessionCache"/> <property name="defaultTargetUrl" value="/index.html"/> </bean> <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <property name="loginFormUrl" value="/index.html"/> </bean> <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/> <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/> <property name="filterProcessesUrl" value="/cxf/portal/login"/> <property name="usernameParameter" value="username"/> <property name="passwordParameter" value="password"/> <property name="postOnly" value="false"/> <property name="allowSessionCreation" value="true"/> <property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy"/> </bean> <bean name="sessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"> <property name="alwaysCreateSession" value="true"/> </bean> <bean id="authenticationSuccessHandler" class="com.foo.security.DefaultAuthenticationSuccessHandler"/> <bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"/> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="authenticationProvider"/> </security:authentication-manager> <bean id="authenticationProvider" class="com.foo.security.DefaultAuthenticationProvider"> <constructor-arg index="0" ref="sessionCache"/> </bean> <bean id="authenticationDetailsSource" class="org.springframework.security.web.authentication.WebAuthenticationDetailsSource"> <property name="clazz" value="com.foo.security.DefaultAuthenticationDetails"/> </bean> </beans>
Reply With Quote