Customizing AuthenticationFilter

[bytor99999]

Forgot to say at first, this is Security 2.0.4

Can't figure out how to get the AuthenticationFilter to be called, Right now we get

No AuthenticationProvider found for org.springframework.security.providers.UsernamePas swordAuthenticationToken

Code:

<http>
        <http-basic/>
        <anonymous />
        <logout />
        <remember-me />

    	<intercept-url pattern="/**" access="STUM, STUO" />
        <!-- <intercept-url pattern="/shop/**" access="ROLE_USER" />
            <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
            <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        -->
	    <logout logout-url="/logout" logout-success-url="/" />

    </http>

    <!-- FOr httpBasic but remove when client is used
    <beans:bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    </beans:bean>

    <beans:bean id="authenticationEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <beans:property name="realmName" value="Warrior"/>
    </beans:bean> -->

    <beans:bean id="authenticationManager"
                class="org.springframework.security.providers.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref local="daoAuthenticationProvider"/>
            </beans:list>
        </beans:property>
    </beans:bean>                 
    
    <beans:bean id="daoAuthenticationProvider"
            class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService"/>
    </beans:bean>

    <beans:bean id="authenticationFilter" class="com.site.app.security.MyCustomAuthenticationFilter">
        <beans:property name="filterProcessesUrl" value="/j_acegi_security_check"/>
        <beans:property name="authenticationFailureUrl" value="/"/>
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name= "defaultTargetUrl" value="/app/home"/>
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
    </beans:bean>

    <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
        <beans:property name="dataSource" ref="aDataSource"/>
        <beans:property name="usersByUsernameQuery" value="SELECT u.username AS username, userpassword AS password, 'true' AS enabled
                                           FROM user u
                                          WHERE u.username = ?"/>
        <beans:property name="authoritiesByUsernameQuery" value="SELECT u.username AS username, ug.groupid AS authority
                                                 FROM user u, group ug
                                                WHERE ug.userid = u.userid and u.username = ?"/>
    </beans:bean>

I think I got everything in the configuration.

Anyone see what I am missing?

Thanks

Mark

[Luke Taylor]

You need to set the AuthenticationEntryPoint too (using custom-entry-point-ref). Check out the namespace documentation.

[bytor99999]

You need to set the AuthenticationEntryPoint too (using custom-entry-point-ref). Check out the namespace documentation.

Thanks Luke.

So I think, and this is the resolution for my other thread, that the route we want to go isn't customizing AuthenticationFilter, but to do our Cookie stuff by customizing RememberMeServices and UserDetails and UserDetailsService for the extra fields we want to store for the User.

Mark