Configuring custom PreAuthenticatedAuthenticationProvider

**sgurusam** · Nov 23rd, 2009, 02:06 AM

I am new to spring security. I want to integrate auto login to the application when request parameter has user.

I tried following implementing AbstractPreAuthenticatedProcessingFilter and AuthenticationUserDetailsService and configuration.

Code:

public class AutoLoginFilter extends AbstractPreAuthenticatedProcessingFilter {
	@Override
	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
		return null;
	}

	@Override
	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
		String user = request.getParameter("user");
		if (StringUtils.hasLength(user)) {
			Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
			authorities.add(new GrantedAuthorityImpl("ROLE_SUPERVISOR"));
			return new User(user , "autologin", true, true, true, true, authorities);
		} else
			return null;
	}
}

public class AuthenticationUserDetailsServiceImpl implements AuthenticationUserDetailsService {
	public UserDetails loadUserDetails(Authentication user) throws UsernameNotFoundException {
		if (user.getPrincipal() != null) {
			return (UserDetails) user.getPrincipal();
		}
		return null;
	}
}

<global-method-security secured-annotations="enabled"/>
	<http auto-config="true" >
		<intercept-url pattern="/login.do*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/**" access="ROLE_USER" />
		<form-login login-page='/login.do' default-target-url='/account/search.do' />
		<custom-filter ref="autoLoginFilter" position="PRE_AUTH_FILTER"/>
	</http>
	<beans:bean id="autoLoginFilter" class="com.pg.backoffice.reports.auth.AutoLoginFilter">
		<beans:property name="authenticationManager" ref="authenticationManager" />
	</beans:bean>
	<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
		<custom-authentication-provider />
		<beans:property  name="preAuthenticatedUserDetailsService" ref="rsa">
		</beans:property>
	</beans:bean>
	<beans:bean id="default" class="com.pg.backoffice.reports.auth.AuthenticationUserDetailsServiceImpl"></beans:bean>
	<authentication-manager alias="authenticationManager">
		<authentication-provider >
			<user-service>
				<user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
				<user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

But, I am getting below exception.
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'custom-authentication-provider'.
at com.sun.org.apache.xerces.internal.util.ErrorHandl erWrapper.createSAXParseException(ErrorHandlerWrap per.java:195)

If I tried commenting out custom-authentication-provider. I am getting below exception

Code:

<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
		<!-- <custom-authentication-provider />  -->
		<beans:property  name="preAuthenticatedUserDetailsService" ref="rsa">
		</beans:property>
	</beans:bean>

EXCEPTION: 
23-11-09 13:33:12,937 DEBUG [http-81-1] com.pg.backoffice.reports.auth.AutoLoginFilter     - Cleared security context due to exception
org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
	at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:156)
	at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:106)
	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:76)

Please let me know to configure PreAuthenticatedAuthenticationProvider.

Thanks
siva

**satsranchuser** · Nov 23rd, 2009, 09:15 AM

I have not worked on it, but found a thread that might help.

http://forum.springsource.org/showth...ht=single+sign

**Luke Taylor** · Nov 24th, 2009, 03:41 AM

The custom-provider should now be inside the <authentication-manager /> element. Check out the latest manual or the release announcement(s) for more information:

http://forum.springsource.org/showthread.php?t=79034
http://forum.springsource.org/showthread.php?t=76596

**sgurusam** · Nov 24th, 2009, 10:25 AM

I tried removing custom authentication provider aded ref in authentication provider. But I am getting different exception

Code:

	<beans:bean id="preauthAuthProvider"
		class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
		<beans:property name="preAuthenticatedUserDetailsService">
			<beans:bean class="com.pg.backoffice.reports.auth.RsaAuthenticationUserDetailsService"></beans:bean>
		</beans:property>
		<beans:property name="order" value="1"/>
	</beans:bean>

	<authentication-manager alias="authenticationManager" >
		<authentication-provider ref="preauthAuthProvider"></authentication-provider>
		<authentication-provider >
			<user-service>
				<user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
				<user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

Exception:

Code:

org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
	at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:156)
	at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:106)
	at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:76)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:150)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

**sgurusam** · Nov 24th, 2009, 11:45 AM

I am able to integrate with following code changes. Thanks for the responses.

Code:

	<global-method-security secured-annotations="enabled">
	</global-method-security>
	<http auto-config="false">
		<intercept-url pattern="/login.do*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/**" access="ROLE_USER" />
		<form-login login-page='/login.do' default-target-url='/account/search.do' />
		<custom-filter ref="autoLoginFilter" position="PRE_AUTH_FILTER" />
		<logout logout-url="/logout.do" logout-success-url="/login.do"/>
	</http>

	<beans:bean id="autoLoginFilter" class="com.pg.backoffice.reports.auth.AutoLoginFilter">
		<beans:property name="authenticationManager" ref="authenticationManager" />
	</beans:bean>
	<beans:bean id="preauthAuthProvider"
		class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
		<beans:property name="preAuthenticatedUserDetailsService">
			<beans:bean class="com.pg.backoffice.reports.auth.RsaAuthenticationUserDetailsService"></beans:bean>  
		</beans:property>
		<beans:property name="order" value="1"/>
	</beans:bean>

	<authentication-manager alias="authenticationManager" >
		<authentication-provider ref="preauthAuthProvider" ></authentication-provider>
		<authentication-provider >
			<user-service id="rsaUser">
				<user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
				<user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

Code:

public class AutoLoginFilter extends AbstractPreAuthenticatedProcessingFilter {

	@Override
	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
		String user = request.getParameter("user");
		if (StringUtils.hasLength(user)) {
			return "ROLE_SUPERVISOR";
		} else
			return null;
	}

	@Override
	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
		System.out.println("getPreAuthenticatedCredentials: " + request.getRequestURI());
		String user = request.getParameter("user");
		if (StringUtils.hasLength(user)) {
			return user;
		} else
			return null;
	}
}

Code:

public class RsaAuthenticationUserDetailsService implements AuthenticationUserDetailsService{

	public UserDetails loadUserDetails(Authentication user) throws UsernameNotFoundException {
		if (user.getPrincipal() != null) {
			Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
			authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
			return new User((String) user.getPrincipal(), "none", true, true, true, true, authorities);
		}
		return null;
	}
}

**lessismore** · Nov 24th, 2009, 03:02 PM

How does one specify a customer Authentication Provider to be used with core version 2.0.4 since the ref="customAuthenticationProvider" is not allowed.

Code:

	<authentication-provider>
		<password-encoder  ref="customEncoder" />
		<jdbc-user-service data-source-ref="dataSource"
				users-by-username-query="SELECT email as 'username', password as 'password', 1  FROM user WHERE email = ?"
				authorities-by-username-query="SELECT email as 'username', (CASE roleId WHEN 2 THEN 'ROLE_ADMIN' ELSE 'ROLE_USER' END) as 'authority' FROM user WHERE email=?" />
	</authentication-provider>

We have a custom encoding that needs to be used, "customerEncoder" . The user's password needs to be passed as "userName" + "password" for the custom encoder to match correctly the password. Thus, this is the only reason the custom Authentication Provider is needed.

Thread: Configuring custom PreAuthenticatedAuthenticationProvider

Thread Tools

Display

Configuring custom PreAuthenticatedAuthenticationProvider

Posting Permissions