How to replace form-login

**brewsterr** · Jul 15th, 2008, 01:50 PM

Using Spring Security 2.0.3.

I have written a custom AuthenticationProcessingFilter and AuthenticationProvider and want to plug this in to replace the form-login.

Code:

    <bean id="combinedAuthenticationProcessingFilter"
          class="web.security.CombinedAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/login.html?error=true"/>
        <property name="defaultTargetUrl" value="/"/>
        <property name="filterProcessesUrl" value="/j_security_check"/>
        <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
    </bean>

    <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="authenticationProcessingFilterEntryPoint">
        </property>
        <property name="accessDeniedHandler">
            <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/error.html"/>
            </bean>
        </property>
        <security:custom-filter position="EXCEPTION_TRANSLATION_FILTER"/>
    </bean>
    
    <bean id="authenticationProcessingFilterEntryPoint"
          class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/j_security_check"/>
        <property name="forceHttps" value="false"/>
    </bean>

    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="combinedAuthenticationProvider"/>
                <ref local="anonymousAuthenticationProvider"/>
            </list>
        </property>
    </bean>

    <bean id="combinedAuthenticationProvider" class="web.security.CombinedAuthenticationProvider">
        <property name="accountLookupService" ref="accountLookupService"/>
        <property name="passwordEncoder" ref="passwordEncoder"/>
        <security:custom-authentication-provider/>
    </bean>

    <bean id="anonymousAuthenticationProvider"
          class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
        <property name="key" value="anonymous"/>
    </bean>

The problem is that AuthenticationProcessingFilterEntryPoint is not recognized, and I get this error:

Code:

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established.
 Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the custom-entry-point-ref attribute

Where do I put the custom-entry-point-ref attribute?

My objective is to replace the form-login with my own bean configuration.

TIA,

Richard

**sphemy** · Jul 16th, 2008, 03:33 AM

Originally Posted by brewsterr

My objective is to replace the form-login with my own bean configuration.

Normally, this should do it:

Code:

  <http>
    <intercept-url pattern="/noaccess.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />

    <form-login login-page="/login.jsp" login-processing-url="/login_security_check" always-use-default-target="false"
      authentication-failure-url="/noaccess.jsp" />

    <anonymous />
    <logout />

  </http>

where login.jsp shows a custom form. In that form the action is 'login_security_check'

**Luke Taylor** · Jul 16th, 2008, 05:08 AM

There's now a section in the manual which explains this:

http://static.springframework.org/sp...ntry-point-ref

Note that replacing the ExceptionTranslationFilter created by the namespace isn't supported.

**brewsterr** · Jul 16th, 2008, 11:52 AM

Thanks for the replies. I removed form-login and the ExceptionTranslationFilter and added the entry-point-ref to reference my AuthenticationProcessingFilterEntryPoint.

But my custom combinedAuthenticationProcessingFilter never gets into the filter chain. The default AuthenticationProcessingFilter, order = 700, is used instead. Here is the filter chain debug log:

Code:

DEBUG [btpool0-1] FilterChainProxy.getFilters(201) | Candidate is: '/j_security_check'; pattern is /**; matched=true
DEBUG [btpool0-1] FilterChainProxy.doFilter(366) | /j_security_check at position 1 of 8 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
DEBUG [btpool0-1] HttpSessionContextIntegrationFilter.readSecurityContextFromSession(286) | HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG [btpool0-1] HttpSessionContextIntegrationFilter.doFilterHttp(209) | New SecurityContext instance will be associated with SecurityContextHolder
DEBUG [btpool0-1] FilterChainProxy.doFilter(366) | /j_security_check at position 2 of 8 in additional filter chain; firing Filter: 'org.springframework.security.ui.logout.LogoutFilter[ order=300; ]'
DEBUG [btpool0-1] FilterChainProxy.doFilter(366) | /j_security_check at position 3 of 8 in additional filter chain; firing Filter: 'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[ order=700; ]'

How do I replace the filter with my own?

Thanks,

Richard

**Luke Taylor** · Jul 16th, 2008, 12:53 PM

If two filters are included at the same position then you will get an error on startup. Please attach the log (a decent sized portion of it) and your application context configuration because it is impossible to say what is happening without them. Use an attachment rather than pasting them into forum posts.

**brewsterr** · Jul 16th, 2008, 03:25 PM

I fixed the authenticationProcessingFilterEntryPoint and now my filter is activated.

Code:

<property name="loginFormUrl" value="/j_security_check"/>

should have been

Code:

<property name="loginFormUrl" value="/login.html"/>

That was the last piece of the puzzle. I appreciate your help.

Richard

**J Ball** · Jul 16th, 2008, 05:20 PM

Richard, can you paste what worked for you, specifically how you connect the filters? I am facing a similar problem. Thanks.

**banifou** · Jul 17th, 2008, 04:00 AM

Look at here:
http://forum.springframework.org/showthread.php?t=56167

**brewsterr** · Jul 17th, 2008, 07:52 AM

See attached zip file with the security.xml that works. Notice that I did not use any of the namespace configurations, but used only Spring beans. I could have used the <anonymous> element in <http>, but that would have saved only one bean and I wanted to make it explicit.

Richard

**J Ball** · Jul 17th, 2008, 03:46 PM

I following your config file and based mine off your's. I actually got a login screen and no deployment errors, so thank you! Now, after I login I get an error page saying "The requested resource (/<context root>/loginProcess) is not available."

In looking at your config file, I didn't see a loginProcess declaration and was wondering if you knew how it was configured. What replaces the "login-processing-url" from the default form-login? Below is how I had it working prior to replacing it.
<form-login login-page="/login.jsp"
login-processing-url="/loginProcess"
default-target-url="/index.jsp"
authentication-failure-url="/login.jsp?login_error=1" />

Thread: How to replace form-login

Thread Tools

Display

How to replace form-login

Tags for this Thread

Posting Permissions