Hi,
I'm trying to implement a custom filter that will be invoked when a user makes a successful (or unsuccessful) login attempt.
Here is my code snippet that performs the authentication attempt:
Code:
public void attemptLogin(String username, String password)
{
    // Build an unauthenticated token from the credentials sent by the client
    Authentication authenticationRequest = new UsernamePasswordAuthenticationToken(username, password);
    // authManager is the injected AuthenticationManager
    authenticationRequest = authManager.authenticate(authenticationRequest);
    if (authenticationRequest.isAuthenticated())
    {
        SecurityContextHolder.getContext().setAuthentication(authenticationRequest);
    }
}

NB The request is coming from a Flex client via RemoteObject.
This works & I can log in, as the following log statements illustrate:
Code:
10-04-01 15:00:53,732 - http-8080-3 - DEBUG - security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2010-04-01 15:00:53,732 - http-8080-3 - DEBUG - ilm.util.TycoReloadableResourceBundleMessageSource - Loading properties [messages.properties]
2010-04-01 15:00:53,732 - http-8080-3 - DEBUG - ilm.util.TycoReloadableResourceBundleMessageSource - No properties file found for [WEB-INF/locale/messages_en] - neither plain properties nor XML
2010-04-01 15:00:53,732 - http-8080-3 - DEBUG - ilm.util.TycoReloadableResourceBundleMessageSource - Loading properties [messages_en_GB.properties]
2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - web.access.ExceptionTranslationFilter - Chain processed normally
2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - web.context.HttpSessionSecurityContextRepository - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@b65f5eed: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b65f5eed: Principal: org.springframework.security.core.userdetails.User@f6ceba80: Username: kevk; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN'
2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2010-04-01 15:00:53,857 - http-8080-3 - DEBUG - flex.security3.SessionFixationProtectionPostProcessor$PriorityOrderedRequestContextFilter - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@b8ea59
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /index.html; matched=false
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /**/*.swf; matched=false
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /**/*.js; matched=false
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Converted URL to lowercase, from: '/messagebroker/amflongpolling'; to: '/messagebroker/amflongpolling'
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - Candidate is: '/messagebroker/amflongpolling'; pattern is /**; matched=true
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 1 of 9 in additional filter chain; firing Filter: 'org.springframework.flex.security3.SessionFixationProtectionPostProcessor$PriorityOrderedRequestContextFilter@16401d3'
2010-04-01 15:00:53,889 - http-8080-2 - DEBUG - flex.security3.SessionFixationProtectionPostProcessor$PriorityOrderedRequestContextFilter - Bound request context to thread: org.apache.catalina.connector.RequestFacade@174ba2a
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 2 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@6a400c'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@b65f5eed: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b65f5eed: Principal: org.springframework.security.core.userdetails.User@f6ceba80: Username: kevk; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 3 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1d34b59'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 4 of 9 in additional filter chain; firing Filter: 'com.tycoelectronics.northwales.ilm.util.TycoAuthenticationProcessingFilter@f7ca3a'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 5 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1fdb097'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 6 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5495cf'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - web.authentication.AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b65f5eed: Principal: org.springframework.security.core.userdetails.User@f6ceba80: Username: kevk; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 7 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@1375169'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 8 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@c1d588'
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 9 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1a9efcd'

The problem is my custom filter is not being invoked, despite it saying in the logs:
Code:
2010-04-01 15:00:53,904 - http-8080-2 - DEBUG - security.web.FilterChainProxy - /messagebroker/amflongpolling at position 4 of 9 in additional filter chain; firing Filter: 'com.tycoelectronics.northwales.ilm.util.TycoAuthenticationProcessingFilter@f7ca3a'

My successfulAuthentication() & unsuccessfulAuthentication() methods are never invoked (note: my class extends UsernamePasswordAuthenticationFilter).
Also, the authentication-failure-handler-ref bean is never invoked either!
Here is my appSecurityContext.xml:
Code:
<http servlet-api-provision="false" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
    <intercept-url pattern="/index.html" filters="none"/>
    <intercept-url pattern="/**/*.swf" filters="none"/>
    <intercept-url pattern="/**/*.js" filters="none"/>
    <!-- intercept-url pattern="/**" access="ROLE_USER"/ -->
    <form-login login-page="/index.html" authentication-failure-handler-ref="failHand"/>
    <custom-filter ref="authenticationProcessingFilter" after="FORM_LOGIN_FILTER" />
</http>

<beans:bean id="authenticationProcessingFilter" class="com.tycoelectronics.northwales.ilm.util.TestAuthenticationProcessingFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

<beans:bean id="failHand" class="com.tycoelectronics.northwales.ilm.util.TycoAuthenticationHandler" />

<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/index.html" />
    <beans:property name="forceHttps" value="false" />
</beans:bean>

Can somebody please help! I just cannot get any filter or handler to work; all I want is a filter to be informed when a user successfully authenticates (or not).
Thanks in advance,
Kevin
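
An added example, not part of the original post: `UsernamePasswordAuthenticationFilter` calls `successfulAuthentication()` and `unsuccessfulAuthentication()` only for requests it authenticates itself, so a direct call to `AuthenticationManager.authenticate()` from a remoting service never reaches them. A listener on the events published by the `ProviderManager` observes that path as well. `LoginAuditListener` and its package are hypothetical names, and the sketch assumes the authentication manager has a `DefaultAuthenticationEventPublisher` configured and that the listener is declared as a bean in the application context.

```java
package example.audit; // hypothetical package name

import java.util.logging.Logger;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;

/** Hypothetical audit listener; declare it as a bean so the context delivers events to it. */
public class LoginAuditListener implements ApplicationListener<AbstractAuthenticationEvent> {

    private static final Logger LOG = Logger.getLogger(LoginAuditListener.class.getName());

    public void onApplicationEvent(AbstractAuthenticationEvent event) {
        // For a failed attempt this is the submitted, unauthenticated token.
        String user = sanitize(event.getAuthentication().getName());

        if (event instanceof AuthenticationSuccessEvent) {
            LOG.info("login success user=" + user);
        } else if (event instanceof AbstractAuthenticationFailureEvent) {
            AbstractAuthenticationFailureEvent failure = (AbstractAuthenticationFailureEvent) event;
            // Record the failure type (bad credentials, locked, disabled), never the password.
            String reason = failure.getException().getClass().getSimpleName();
            LOG.warning("login failure user=" + user + " reason=" + reason);
        }
        // Other authentication events are ignored here.
    }

    /** The username is caller-supplied: strip control characters so it cannot forge log lines. */
    static String sanitize(String value) {
        if (value == null) {
            return "<none>";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) : cleaned;
    }
}
```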


