Custom AuthenticationProcessingFilterEntryPoint

[Nietzsche]

Hi,
i want to change the AuthenticationProcessingFilterEntryPoint to check if exists a cookie. If the cookie exists, i want to send its informations to the authentication manager. If the cookie doesn't exist, i want to show the form authentication.

How can i do it ?

Thanks a lot.

[karldmoore]

I'm not sure what your trying to do, but that just sounds like remember me authentication. This already exists, just check out the examples that ship with acegi. They demo using it.

[Nietzsche]

I'm not sure what your trying to do, but that just sounds like remember me authentication. This already exists, just check out the examples that ship with acegi. They demo using it.

Now I using form authentication. But i want skip "form authentication" when exist a my coockie. And use for authentication process the info inside a coockie.

Thanks a lot.

Nietzsche.

[karldmoore]

All I can say is, see previous statement. Again this said exactly like the remember me authentication. Have you had a look at the Acegi example? If not this should show you how to do it. If you have and still have questions, what are the questions?

[kellewic]

Pretty sure you would have to place RememberMeProcessingFilter before your form authentication filter for this to work. I assume this since you say you want the cookie to override any form authentication.

It also seems you need the TokenBasedRememberMeServices and not the default NullRememberMeServices configured.

The TokenBased definitely looks for a cookie and uses that for authentication unless the token is expired or simply doesn't exist (or if the user is not valid).

This is under the providers.rememberme.* package.

[Nietzsche]

Pretty sure you would have to place RememberMeProcessingFilter before your form authentication filter for this to work. I assume this since you say you want the cookie to override any form authentication.

It also seems you need the TokenBasedRememberMeServices and not the default NullRememberMeServices configured.

The TokenBased definitely looks for a cookie and uses that for authentication unless the token is expired or simply doesn't exist (or if the user is not valid).

This is under the providers.rememberme.* package.

I extends AuthenticationProcessingFilter and modify doFilter.

If exist my custom cookie i run:

Code:

onPreAuthentication(httpRequest, httpResponse);

Create my custom token

Code:

authRequest = new CustomAuthenticationToken(custominfo1, custominfo2));
authRequest.setDetails(new WebAuthenticationDetails(httpRequest));

authenticate my token

Code:

Authentication auth = this.getAuthenticationManager().authenticate(authRequest);

Set context

Code:

SecurityContextHolder.getContext().setAuthentication(auth);

and

Code:

successfulAuthentication(httpRequest, httpResponse, auth);

If I have a error use.

Code:

unsuccessfulAuthentication(((HttpServletRequest) request), ((HttpServletResponse) response), authenticationException);

[davidecr]

Hi, Did you find an answer to this issue?

Regards,

David Castaneda

[Luke Taylor]

Pretty sure you would have to place RememberMeProcessingFilter before your form authentication filter for this to work. I assume this since you say you want the cookie to override any form authentication.

This isn't correct. The authentication processing filter is only triggered by the form login url, so the order doesn't matter. See the contacts sample, for example.

RememberMeProcessingFilter *is* used for cookie-based authentication but Nietzsche seems to be searching for meaning elsewhere :-).

[davidecr]

Thanks a lot for this reply... Actually I make it work... without rememberme services as it seems to be too much overhead maybe I'm wrong right now I need to make it work but I'll review it again later and let you know....

Regards...


David Casta~eda

[karldmoore]

RememberMeProcessingFilter *is* used for cookie-based authentication but Nietzsche seems to be searching for meaning elsewhere :-).

Glad I'm not alone on this one .