Custom security filter.

[samarthya]

I have created my own Filter, Provider and Authentication manager. Now I am trying to hook them up in my program.

My bean configuration file looks like

Code:

	<bean id="securityFilterChain" class="org.springframework.security.web.FilterChainProxy">
		<constructor-arg>
			<list>
				<security:filter-chain pattern="/**" filters="authFilter" />
			</list>
		</constructor-arg>
	</bean>

	<bean id="authFilter" class="com.secure.provider.OpenAuthenticationFilter">
		<property name="authenticationManager" ref="authManager" />
	</bean>
	<bean id="authManager" class="com.secure.provider.OpenAuthenticationManager">
		<constructor-arg>
			<list>
				<ref bean="xmlAuthProvider" />
			</list>
		</constructor-arg>
	</bean>

	<bean id="xmlAuthProvider" class="com.secure.provider.OpenXMLAuthenticationProvider">
		<constructor-arg index="0">
			<value>"classpath:configurations/UserConfig.xml"</value>
		</constructor-arg>
	</bean>

In my web.xml

Code:

<filter>
		<filter-name>securityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>securityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>FORWARD</dispatcher>
	</filter-mapping>

In my implementation for filter

Code:

public class OpenAuthenticationFilter extends
		AbstractAuthenticationProcessingFilter {
	private final static String USERNAME_KEY = "username";
	private final static String PASSWORD_KEY = "password";

	private final static String ACTION_URL = "/process_credentials";

	private String usernameParameter = USERNAME_KEY;
	private String passwordParameter = PASSWORD_KEY;

	protected OpenAuthenticationFilter() {
		super(ACTION_URL);
	}

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request,
			HttpServletResponse response) throws AuthenticationException,
			IOException, ServletException {

		if (!request.getMethod().equals("POST")) {
			throw new AuthenticationServiceException(
					"Authentication method not supported: "
							+ request.getMethod());
		}

		/**
		 * Time to get the user name and password details in the token
		 */
		String username = (String) request.getAttribute(usernameParameter);
		String password = (String) request.getAttribute(passwordParameter);

		/**
		 * Trimmed user name
		 */
		OpenAuthenticationToken authentication = new OpenAuthenticationToken(
				username.trim(), password);

		/**
		 * More information about the object in details
		 */
		authentication.setDetails(request);

		return this.getAuthenticationManager().authenticate(authentication);
	}
}

I guess I am still missing something to complete the hooking from any login page that shall post to the /process_credentials URI.


Totally lost, can someone help?
- Saurabh