How to custom(override) Spring security filter or provider?

[jeffyd]

Hi all
I am using Spring security 3 with openID, there are something I want to use my own demand.

1. use own filterProcessesUrl
the default openid check url is j_spring_openid_security_check, but I want it to be openidlogin(e.g.), so it could be configured in filter, but what I did didn't work.
My configuration is as follows:

Code:

	<!-- custom filter -->
	<b:bean id="openIdFilter"
class="org.springframework.security.openid.OpenIDAuthenticationFilter">
		<b:property name="authenticationManager" ref="authenticationManager" />
		<b:property name="filterProcessesUrl" value="/openidlogin" />
		<b:property name="defaultTargetUrl" value="/sso" />
		<b:property name="alwaysUseDefaultTargetUrl" value="true" />
		<b:property name="authenticationFailureUrl" value="/openid/login.jsp?login_error=true" />
	</b:bean>

I also configured a entrypoint which it needed. I know we can custom a filter and use position adding it to FilterChainProxy, But I just override OpenIDAuthenticationFilter, how can I do?

2. use own provider
The default OpenIDAuthenticationProvider must use userDetailsService, but I didn't want to use it, so I need to override OpenIDAuthenticationProvider,

Code:

<b:bean id="customAuthenticationProvider" class="com.dingfei.openid.provider.MyOpenIDProvider" />
<authentication-manager>
	<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>

but it doesn't work, the spec instruct me how to do like that. so how can I do?

the http configuration is as follows:

Code:

 <http>
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <intercept-url pattern="/openidlogin.jsp*" filters="none"/>
        <logout/>
        <openid-login login-page="/openidlogin.jsp" 
        			authentication-failure-url="/openidlogin.jsp?login_error=true" 
        			default-target-url="/success.jsp">
            <attribute-exchange>
                <openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" count="1"/>
                <openid-attribute name="name" type="http://schema.openid.net/namePerson/friendly" />
            </attribute-exchange>
        </openid-login>
        <remember-me token-repository-ref="tokenRepo"/>
    </http>

generally, could anyone can tell me how to custom(override) Spring security filter or provider?

Best regards!

[Marten Deinum]

That is all explained in the reference guide.

Filters need to be specified AND added to the security configuration simply putting them in there doesn't make them work. You will need to find the name of the filter. Although why make it so complex and not simply specify the 'login-processing-url' for the 'openid-login' element. That should work without redefining the filter.

Just wondering about 2 why don't you want to use a UserDetailService implementation, which basically goes against the Spring Security architecture as it is needed in several locations.