Configuring Pre-Authentication in Spring Security 3.1.0

**carcaret** · Feb 7th, 2013, 06:47 AM

Hi!

I'm trying to configure pre-authentication in my webapp using Spring Security 3.1.0 but having some issues.

I've been searching the internet and found a couple of examples, that nearly work, but something is missing.

I want to authenticate with an LDAP provider in our Weblogic server using j_security_check, and then grant the roles within my app.

It looks like the authentication is going fine, but then I face two problems:

Once the authentication succeeds, I'm not getting redirected anywhere. Where should I specify that once authenticated, I should go to some URL?
My AuthenticationUserDetailsService is never getting called.

Here are my spring-security.xml

Code:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schem...-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="false" use-expressions="true" entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <intercept-url pattern="/login/**" access="permitAll"/>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter"/>

</http>

<beans:bean id="inMemoryAuthenticationUserDetailsService"
           class="myapp.web.authentication.CustomAuthenticationUserDetailsService"/>

<beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
            class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

<beans:bean id="preAuthenticatedAuthenticationProvider"
            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService" ref="inMemoryAuthenticationUserDetailsService"/>
</beans:bean>

<beans:bean id="simpleAttributes2GrantedAuthoritiesMapper"
            class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
    <beans:property name="attributePrefix" value=""/>
</beans:bean>

<beans:bean id="webXmlMappableAttributesRetriever"
            class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever"/>

<beans:bean id="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"
            class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
    <beans:property name="mappableRolesRetriever" ref="webXmlMappableAttributesRetriever"/>
    <beans:property name="userRoles2GrantedAuthoritiesMapper" ref="simpleAttributes2GrantedAuthoritiesMapper"/>
</beans:bean>

<beans:bean id="preAuthFilter"
            class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
    <beans:property name="authenticationManager" ref="appControlAuthenticationManager"/>
    <beans:property name="authenticationDetailsSource"
                    ref="j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource"/>
</beans:bean>

<authentication-manager alias="appControlAuthenticationManager">
    <authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
</authentication-manager>

my web.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Penelope11g</display-name>

<welcome-file-list>
    <welcome-file>/jsp/index.jsp</welcome-file>
</welcome-file-list>

<servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>spring</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-servlet.xml,
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener> 

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
     org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter> 

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/jsp/*</url-pattern>
</filter-mapping>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Content</web-resource-name>
        <url-pattern>/jsp/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ROLE_USER</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>DEFAULT</realm-name>
    <form-login-config>
        <form-login-page>/login/login.jsp</form-login-page>
        <form-error-page>/login/errorLogin.jsp</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>ROLE_USER</role-name>
</security-role>
<security-role>
    <role-name>ROLE_ADMIN</role-name>
</security-role>

and my login.jsp

Code:

<!DOCTYPE HTML>
<%@ page language="java" contentType="text/html;charset=ISO-8859-1"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<c:set var="path" value="${request.contextPath}" scope="request"/>
<html>
    <head>
    <title>Penelope: Login</title>
    <link type="text/css" href="../css/default/easyui.css" rel="stylesheet" />
    <link type="text/css" href="../css/icon.css" rel="stylesheet" />
    <script type="text/javascript" src="../js/jquery-1.7.2.min.js"></script>
    <script type="text/javascript" src="../js/jquery.easyui.min.js"></script>
    <script>
    $(document).ready(function() {
        $('#ventanaLogin').dialog({  
            modal:true,
            draggable:false,
            closable:false,
            height:250,
            width:300,
            buttons:[{
                text:'Aceptar',
                iconCls:'icon-ok',
                handler:function(){
                    $("#loginForm").submit();
                }
            }]
        }); 

        $("html").keydown(function(e){
            if(e.keyCode == '13')
            {
                $("#loginForm").submit();
            }
        });
    });
    </script>
</head>
<body>
    <div id="ventanaLogin" title="Login">  
        <form action="../j_security_check" id="loginForm" method="post">
            <table style="margin:30px;">
                <tr>
                    <td><label>Username</label></td>
                    <td><input type="text" id="usuario" name="j_username" tabindex="1"/></td>
                </tr>
                <tr>
                    <td><label>Password</label></td>
                    <td><input type="password" id="clave" name="j_password" tabindex="2"/></td>
                </tr>
            </table>
        </form>
    </div>      
</body>

Hope that's info enough to get some help. Thanks!!

**ctkcin** · Feb 8th, 2013, 12:47 AM

you an try with adding authenticationSuccessHandler property in "preAuthFilter".

Code:

<beans:bean id="preAuthFilter"
class="org.springframework.security.web.authentica tion.preauth.j2ee.J2eePreAuthenticatedProcessingFi lter">
<beansroperty name="authenticationManager" ref="appControlAuthenticationManager"/>
<beansroperty name="authenticationDetailsSource"
ref="j2eeBasedPreAuthenticatedWebAuthenticationDet ailsSource"/>

<beansroperty name="authenticationSuccessHandler"
ref="successHandler" />

</beans:bean>

<beans:bean id="successHandler"
class="org.springframework.security.web.authentica tion.SavedRequestAwareAuthenticationSuccessHandler ">
<beansroperty name="defaultTargetUrl" value="/welcome" />
</beans:bean>

**Rob Winch** · Feb 8th, 2013, 09:17 AM

Originally Posted by carcaret

Once the authentication succeeds, I'm not getting redirected anywhere. Where should I specify that once authenticated, I should go to some URL?

If you are performing pre authentication, the hook cannot be associated to Spring Security since it is not involved in the authentication process.

Originally Posted by carcaret

My AuthenticationUserDetailsService is never getting called.

What do the debug logs look like? It only attempts to authenticate if the principal returned by getPreAuthenticatedPrincipal() is non null.

Thread: Configuring Pre-Authentication in Spring Security 3.1.0

Thread Tools

Display

Configuring Pre-Authentication in Spring Security 3.1.0

Tags for this Thread

Posting Permissions