[Q] Configuring the AuthenticationProcessingFilter
I am new to Acegi and am starting to get the grasp, but I am having trouble with configuring the AuthenticationProcessingFilter.
We are using a thrid-party product, Clear Trust (similar to SiteMinder), to serve as a traffic cop in front of our application and handle authentication. Our application still needs the logon information and needs to handle some Authorizations. The Pre-Authentication Scenarios examples, I was able to get the following configuration to work for us:
This all works great. Unauthorized users are now sent a 403. However, what I would really like to do is send them to a login url. This is where I have run into trouble. It looks like I need to configure the AuthenticationProcessingFilter to do this. However, so far my attempts to do so have not worked. In fact when I add the code below to my configuration, it seems to have no result at all. As is it is being ignored.Code:<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> <http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"> <intercept-url pattern="/**/npc/**" access="ROLE_SCA_NPC" requires-channel="any"/> <intercept-url pattern="/**/catalog/**" access="ROLE_SCA_CATALOG" requires-channel="any"/> <intercept-url pattern="/**" access="ROLE_SCA" requires-channel="any"/> <logout invalidate-session="true" logout-url="/logout" logout-success-url="http://www.mycomp.com/loggedout" /> </http> <authentication-manager alias="authenticationManager" /> <beans:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint"/> <beans:bean id="preAuthenticatedProcessingFilter" class="com.mycomp.sca.security.ScaPreAuthenticatedFilter"> <custom-filter position="PRE_AUTH_FILTER" /> <beans:property name="principalRequestHeader" value="scemsrowid"/> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <beans:bean id="preauthAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService" ref="userDetailsService"/> </beans:bean> </beans:property> </beans:bean> <beans:bean id="userDetailsService" scope="prototype" class="com.mycomp.sca.security.ScaUserDetailsService"> <beans:property name="authorizationService"> <beans:ref bean="authorizationService"/> </beans:property> </beans:bean> </beans:beans>
Any help would be GREATLY appreciated!Code:<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="authenticationFailureUrl" value="http://www.mycomp.com/login" /> <beans:property name="defaultTargetUrl" value="/sca/catalog/ContractSearch.action" /> <beans:property name="alwaysUseDefaultTargetUrl" value="true" /> <beans:property name="serverSideRedirect" value="false" /> <beans:property name="filterProcessesUrl" value="/**" /> </beans:bean>
Thanks in Advance,
Ken
