Problem with custom logout filter

**sachin_yadav** · Apr 7th, 2009, 07:44 AM

Hi,

i have written a custom logout filter. My security configuration file looks like this:

Code:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:p="http://www.springframework.org/schema/p"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-2.0.1.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-2.5.xsd
        ">

	<global-method-security secured-annotations="enabled" 
	access-decision-manager-ref="accessDecisionManager"/>
	
    <beans:bean id="authenticationProcessingFilter" class="aesmo.blah.blah.MyAuthenticationProcessingFilter">
		<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
		<beans:property name="defaultTargetUrl" value="/index.jsp" />
		<beans:property name="authenticationManager" ref="authenticationManager" />
		<beans:property name="authenticationFailureUrl" value="/login.jsp?error=true" />		
	</beans:bean>
	
	<authentication-manager alias="authenticationManager" />
	
	<http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" 
	access-decision-manager-ref="accessDecisionManager">
		<intercept-url pattern="/admin/*.do"
        access="ABC_ADMINISTRATOR" />
        <intercept-url pattern="/system/*.do"
        access="ABC_SYS_CONTROLLER" />        	    
    </http>
    
     <beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
		<beans:constructor-arg value="/login.jsp"></beans:constructor-arg>
		<beans:constructor-arg>
			<beans:list>
				<beans:bean class="ca.aeso.dt.web.security.AdamsSecurityLogoutHandler" />
				<beans:bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
			</beans:list>
		</beans:constructor-arg>
		<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" />
	</beans:bean> 
	
     <beans:bean id="authenticationProcessingFilterEntryPoint"
		class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<beans:property name="loginFormUrl" value="/login.jsp" />
		<beans:property name="forceHttps" value="false" />
	</beans:bean>
		
     <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
         <beans:property name="jndiName" value="jdbc/dtDataSource"/>
         <beans:property name="resourceRef" value="true"/>
         <beans:property name="expectedType" value="javax.sql.DataSource"/>
    </beans:bean>
	
	<authentication-provider>
	<password-encoder hash="plaintext"/>	
	<jdbc-user-service data-source-ref="dataSource"
	users-by-username-query = "blah blah myquery" 
	authorities-by-username-query="blah blah myquery"/>		
	</authentication-provider>
	
    <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
		<beans:property name="decisionVoters">
			<beans:list>
  				<beans:ref bean="roleVoter" /> 
  			</beans:list>
  		</beans:property>
  	</beans:bean>
	<beans:bean id="roleVoter" 
		class="org.springframework.security.vote.RoleVoter">
 	<beans:property name="rolePrefix">
  		<beans:value>ABC_</beans:value> 
  	</beans:property>
  </beans:bean>
</beans:beans>

now my problem is that after login if i hit the Logout button and submit page to /j_spring_security_logout, it gives me 404 page not found error.

Any help would be much appreciated.

**sachin_yadav** · Apr 7th, 2009, 11:23 PM

ehhh i was missing custome-filter position in my logout filter, that's why it was not been called in filter chain and hence page not found. I just have to put a tag like

Code:

<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
     	<custom-filter position="LOGOUT_FILTER"/>     
		<beans:constructor-arg value="/login.jsp"></beans:constructor-arg>
....................

**vinaysingh** · Apr 8th, 2009, 12:45 AM

hi sachin,

i want to implement the web securities with spring framework and i am new to spring and web securities ccan you please help me how to implement web securites with spring framework and what are the classes and files required to implement so and what will be teh directory stucturea,it will be great help to me as i want to learn it

**sachin_yadav** · Apr 8th, 2009, 12:55 AM

Originally Posted by vinaysingh

hi sachin,

i want to implement the web securities with spring framework and i am new to spring and web securities ccan you please help me how to implement web securites with spring framework and what are the classes and files required to implement so and what will be teh directory stucturea,it will be great help to me as i want to learn it

a good link to start with is

Code:

http://www.codercorp.com/blog/spring/security-spring/configuring-spring-security.html
http://www.codercorp.com/blog/spring/security-spring/spring-security-login-logout-form.html

Do some google, read tutorials and if stuck then post in the forum. you will get plenty of help.

**vinaysingh** · Apr 8th, 2009, 01:00 AM

thanks for you reply it will really be helpful for me if i get any samle application on web securities with spring on tomcat as i am trying this development on net beans IDE

Thread: Problem with custom logout filter

Thread Tools

Display

Problem with custom logout filter

I was missing sutoem-filter position

I want to implement web securities with spring

is there any sample application on web securities with tomcat server and spring frame

Posting Permissions