
Thread: Custom AuthenticationProcessingFilterEntryPoint

  1. #11

    Quote: Originally posted by Luke
    This isn't correct. The authentication processing filter is only triggered by the form login url, so the order doesn't matter. See the contacts sample, for example.

    RememberMeProcessingFilter *is* used for cookie-based authentication but Nietzsche seems to be searching for meaning elsewhere :-).

    So if I have my site set up to automatically redirect to the login form (if there's no valid session) and this is placed before the RememberMe services, it will still work?

    This redirection does not check for a cookie so I can't see how it would work. Granted, I'm not an expert in Acegi so I am more looking for verification than anything.

    Thanks.

  2. #12

    Quote: Originally posted by karldmoore
    Glad I'm not alone on this one.

    I post my solution.

    Code:
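    import java.io.IOException;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.acegisecurity.Authentication;
    import org.acegisecurity.AuthenticationException;
    import org.acegisecurity.context.SecurityContextHolder;
    import org.acegisecurity.ui.WebAuthenticationDetails;
    import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
    import org.apache.log4j.Logger; // assumed: the Logger calls below match log4j

    // CustomAuthenticationToken and myParamKeyFault are the poster's own classes (not shown).
    public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
        private Logger logger = Logger.getLogger(getClass());
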
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
            if (!(request instanceof HttpServletRequest)) {
                throw new ServletException("Can only process HttpServletRequest");
            }
    
            if (!(response instanceof HttpServletResponse)) {
                throw new ServletException("Can only process HttpServletResponse");
            }
            HttpServletRequest httpRequest = ((HttpServletRequest) request);
            HttpServletResponse httpResponse = ((HttpServletResponse) response);
    
            if (httpRequest.getParameterMap().containsKey("myParamKey") &&
                    httpRequest.getSession().getId() != null) {
    
                httpRequest.getSession().setAttribute("myParamKey", "myParamKey");
                if (logger.isDebugEnabled()) {
                    logger.debug("Request is to process authentication");
                }
    
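                // getCookies() returns null when the request carries no cookies.
                Cookie[] cookies = httpRequest.getCookies();
                Cookie mycookie = null;
                if (cookies != null) {
                    for (Cookie c : cookies) {
                        // Cookies parsed from a request always report getMaxAge() == -1
                        // (browsers do not send Max-Age back), so the second test
                        // does not validate the cookie.
                        if (c.getName().equalsIgnoreCase("MyCustomCookie") &&
                                c.getMaxAge() < 0) {
                            mycookie = c;
                        }
                    }
                }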
                if (mycookie != null ) {
                    CustomAuthenticationToken authRequest = null;
                    try {
                        onPreAuthentication(httpRequest, httpResponse);
                        authRequest = new CustomAuthenticationToken(httpRequest.getParameter("myParamKey"), httpRequest.getParameter("myParamKey"));
                        authRequest.setInfo(mycookie.getValue());
                        authRequest.setDetails(new WebAuthenticationDetails(httpRequest));
                        setDetails(httpRequest, authRequest);
                        Authentication auth = this.getAuthenticationManager().authenticate(authRequest);
                        SecurityContextHolder.getContext().setAuthentication(auth);
                        successfulAuthentication(httpRequest, httpResponse, auth);
    
                    } catch (AuthenticationException authenticationException) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("my message", authenticationException);
                        }
    
                        unsuccessfulAuthentication(((HttpServletRequest) request), ((HttpServletResponse) response), authenticationException);
                    }
    
                    return;
                } else {
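                    // The fault object is constructed but not thrown, so processing
                    // continues with super.doFilter() below.
                    new myParamKeyFault("Cookie not valid");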
                }
            }
            super.doFilter(request, response, filterChain);
        }
    }
    thanks a lot.
