Results 1 to 1 of 1

Thread: Big problems with adding/placing custom filter (Filter for forcing a password change)

  1. Sep 10th, 2012, 01:09 PM #1
    Ninca7
    Ninca7 is offline Junior Member
    Join Date
    Jul 2012
    Posts
    3

    Default Big problems with adding/placing custom filter (Filter for forcing a password change)

    How can I get a custom ForcePwdChangeFilter working?

    If I add the filter, no page is shown and even the redirection to login page does not work, I get status 200 in the browser. If I just remove the line with the <custom-filter> everything is fine.
    I already specified the check and redirection in a LoginSuccesHandler. But to hinder the user to go to a different page instead of changing his password I implemented this filter additionally:

    Code:
    public class ForcePwdChangeFilter extends GenericFilterBean {


        @Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
			ServletException {
            Authentication auth  = SecurityContextHolder.getContext().getAuthentication();
           if(auth != null) {  
               // Never called before login page loaded
              /* logic for password expired check which throws a RuntimeException which should be handled by the SimpleMappingExceptionResolver */ 
                    throw new PasswordExpiredException("msg_pwd_expired"); 
              }
}
    Code:
    <http servlet-api-provision="true" use-expressions="true" auto-config="false">
    	<anonymous/> ...
        <custom-filter position="BASIC_AUTH_FILTER"  ref="forcePwdChangeFilter"/>    
</http>
<debug />
    Code:
    <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" p:defaultErrorView="error">
        <property name="exceptionMappings">
            <props><prop key=".PasswordExpiredException">pwdchange/</prop></props>
        </property>
    </bean>
    I already tried several before, after and position settings but without any success. My FilterChain (without ForcePwdChangeFilter) looks like:
    ChannelProcessingFilter
    ConcurrentSessionFilter
    SecurityContextPersistenceFilter
    LogoutFilter
    UsernamePasswordAuthenticationFilter
    RequestCacheAwareFilter
    SecurityContextHolderAwareRequestFilter
    AnonymousAuthenticationFilter
    SessionManagementFilter
    ExceptionTranslationFilter
    FilterSecurityInterceptor
    Can someone explain the behaviour? What do I need to do to make this work (with the exception being resolved by the SimpleMappingExceptionResolver)?
    Last edited by Ninca7; Sep 10th, 2012 at 01:16 PM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules