Results 1 to 5 of 5

Thread: custom Authentication Processing Filter

  1. May 4th, 2009, 03:07 PM #1
    j_iceman05
    j_iceman05 is offline Junior Member
    Join Date
    Jan 2009
    Posts
    26

    Default custom Authentication Processing Filter

    I was using a little tutorial from this place and tried to implement that in my site to try and understand it a little better. But it doesn't even work. Apache can't fails to start my web app.
    Among other stuff, the logs state:
    The type javax.servlet.http.HttpServletRequest cannot be resolved. It is indirectly referenced from required .class files
    The type javax.servlet.http.HttpServletResponse cannot be resolved. It is indirectly referenced from required .class files
    The type javax.servlet.FilterChain cannot be resolved. It is indirectly referenced from required .class files
    The type javax.servlet.ServletException cannot be resolved. It is indirectly referenced from required .class files
    The import javax.servlet.http.HttpServletRequest cannot be resolved
    The import javax.servlet.http.HttpSession cannot be resolved
    The hierarchy of the type MyAuthenticationProcessingFilter is inconsistent
    The type javax.servlet.Filter cannot be resolved. It is indirectly referenced from required .class files
    HttpServletRequest cannot be resolved to a type
    HttpServletResponse cannot be resolved to a type
    MyAuthenticationProcessingFilter.java
    Code:
    package com.security;

import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;

import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.util.TextUtils;
import org.springframework.util.Assert;
import org.springframework.jdbc.datasource.DriverManagerDataSource;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import java.io.IOException;
import java.io.FileInputStream;
import java.util.Properties;

public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
	protected void onSuccessfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, Authentication authResult)
			throws IOException {
		super.onSuccessfulAuthentication(request, response, authResult);
		request.getSession().setAttribute("myValue", "My value is set");
	}
}
    I don't know what's wrong with the code, I don't understand why it won't work. It looks very similar to the rest of the examples I have found as well.
    For some reason the HttpSession and HttpServletRequest imports can't be resolved and the hierarchy of the type MyAuthenticationProcessingFilter is inconsistent.

    Can anyone please help me out?
    Thanks in advance any help I can get.
  2. May 5th, 2009, 11:35 AM #2
    j_iceman05
    j_iceman05 is offline Junior Member
    Join Date
    Jan 2009
    Posts
    26

    Default Please help.

    Does anyone know why i would have gotten these 3 errors?
    The import javax.servlet.http.HttpServletRequest cannot be resolved
    The import javax.servlet.http.HttpSession cannot be resolved
    The hierarchy of the type MyAuthenticationProcessingFilter is inconsistent
    I have checked multiple times to make sure that the class I'm importing is correct, and it is. Why can it not be resolved?
    Also, how is the hierarchy inconsistent?

    Has anyone else experienced these problems? Does anyone know how I can fix it?
    Again, thanks to all who can help.
  3. May 5th, 2009, 06:57 PM #3
    ortang
    ortang is offline Junior Member
    Join Date
    Dec 2008
    Location
    Austria, Eferding
    Posts
    14

    Default

    check your classpath again, i bet you miss the servlet-api lib.
    if you use a app-server make sure you export the referenced librarys to the WEB-INF/lib folder.

    *hth*
  4. May 6th, 2009, 10:26 AM #4
    j_iceman05
    j_iceman05 is offline Junior Member
    Join Date
    Jan 2009
    Posts
    26

    Default new problem

    Well, Thank you very much ortang!
    That was the reason i was getting those errors.

    Now however, I am getting this error
    [ERROR,ContextLoader,http-8080-3] Context initialization failed
    org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfig urationException: Filters 'com.security.MyAuthenticationProcessingFilter[ order=700; ]' and 'org.springframework.security.ui.webapp.Authentica tionProcessingFilter[ order=700; ]' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
    However, i have <security:http auto-config="false">. I have read somewhere that if you have the "<form-login />" tag within the http tags, then that could cause the same problem. If I take it out though, then I get this error:
    [ERROR,ContextLoader,http-8080-3] Context initialization failed

    org.springframework.beans.factory.parsing.BeanDefi nitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the custom-entry-point-ref attribute
    So it would be like a lose-lose situation, I have it and it makes a conflict in ordering, I don't and there's an entry point problem...

    Here is part of my applicationContext-security.xml file
    Code:
        <security:http auto-config="false">
        <security:intercept-url pattern="/*" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:intercept-url pattern="/login.zul" filters="none" />
	    <security:form-login login-page="/login.zul"/>
    </security:http>

	<security:authentication-manager alias="authenticationManager" />
	
	<!-- Cutom login filter which replaces the default AUTHENTICATION_PROCESSING_FILTER -->
	<bean id="authenticationProcessingFilter" class="com.security.MyAuthenticationProcessingFilter">
		<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
		<property name="defaultTargetUrl" value="/index.zul" />
		<property name="authenticationManager" ref="authenticationManager" />
	</bean>

	<!-- need to define an AuthenticationProcessingFilterEntryPoint since we’re going to break the default filter chain -->
	<bean id="authenticationProcessingFilterEntryPoint"	class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl" value="/login.zul" />
		<property name="forceHttps" value="false" />
	</bean>
    Everywhere I've seen, they just say set auto-config="false" and it takes care of the problem, anyone know why it wouldn't for me?

    And thanks again ortang, I greatly appreciate your help.
    -James
  5. May 6th, 2009, 02:26 PM #5
    j_iceman05
    j_iceman05 is offline Junior Member
    Join Date
    Jan 2009
    Posts
    26

    Talking Found the problem, and solution

    After more searching, I found it.

    Code:
    <security:http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
    Adding that "entry-point-ref" portion to the http tag fixed it and it works now.

    Thank you to all those who took the time to look and at least try to help.
    Again thank you ortang for your help with that servlet-api lib portion

    Thanks
    -James
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules