Feb 11th, 2009, 11:18 AM
SiteMinder preauth not being rechecked.
I've created a class to override AbstractPreAuthenticatedProcessingFilter. The getPreAuthenticatedPrincipal() method simply reads the cookie set by SiteMinder.
I've configured the security with /**=channelProcessingFilter,httpSessionIntegrationFilter,logoutFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
I've set up the userDetailsService with an overridden version of JdbcDaoImpl that implements loadUsersByUsername() and loadUserAuthorities() to retrieve user information from a database. I need to do this because while SiteMinder is making sure the user is a valid user for an enterprise, I still need to verify that the user is valid for my particular web application.
The problem I'm having is that the cookie is not being rechecked on each request. If a new request comes in and the cookie's value has changed, the new request is treated as though it were the previous user's. (I verified this is the problem by putting debug statements in the getPreAuthenticatedPrincipal() method.)
My sessionId is null, which seems like a bad thing.
Is there any special handling I need to do to make sure I have an HTTPSession available?
Is there something I need to do to get the cookie to be verified on each request?
Last edited by BrianCubeDweller; Feb 11th, 2009 at 11:23 AM.
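The per-request recheck asked about in the post above, as an added example that is not part of the original post and does not use Spring Security's or SiteMinder's own classes. It is a stand-alone model of the decision: a cached login is reused only while the cookie still names the same user, and a new name must pass the application's own user check again. The class, the session attribute name and the user list are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Stand-alone model (no Spring or servlet classes) of rechecking a
// pre-authenticated cookie against the identity cached in the session.
public class PreAuthRecheckDemo {
    static final String SESSION_KEY = "AUTHENTICATED_USER"; // hypothetical attribute name

    // Constructed stand-in for the application's own user table.
    static final Set<String> APP_USERS = Set.of("alice", "bob");

    enum Outcome { REUSED, REAUTHENTICATED, REJECTED }

    // cookiePrincipal: value read from the SSO cookie on this request (null if absent).
    // session: the session attributes, holding any previously cached login.
    static Outcome handle(String cookiePrincipal, Map<String, String> session) {
        String cached = session.get(SESSION_KEY);
        if (cookiePrincipal != null && cookiePrincipal.equals(cached)) {
            return Outcome.REUSED;           // same user as before, keep the cached login
        }
        session.remove(SESSION_KEY);         // cookie changed or vanished: drop the old identity
        if (cookiePrincipal == null || !APP_USERS.contains(cookiePrincipal)) {
            return Outcome.REJECTED;         // no SSO identity, or not a user of this application
        }
        session.put(SESSION_KEY, cookiePrincipal);
        return Outcome.REAUTHENTICATED;      // new identity passed the application's own check
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        // Constructed request sequence: repeat user, switched user, unknown user, missing cookie.
        String[] cookies = { "alice", "alice", "bob", "mallory", null };
        for (String c : cookies) {
            Outcome outcome = handle(c, session);
            System.out.println(c + " -> " + outcome + ", session user = " + session.get(SESSION_KEY));
        }
    }
}
```

The cached identity is cleared before the new one is validated, so a rejected or missing cookie never leaves the previous user's login in the session.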