-
Jun 7th, 2010, 06:00 AM
#1
preauthentication in spring
hi all,
I am very new to Spring and am trying to use Spring Security pre-authentication.
This is the configuration I have so far:
security-context.xml
-------------------------
<!-- URL access rules plus form login, logout and a custom pre-authentication filter.
     intercept-url patterns are evaluated top to bottom and the first matching pattern applies,
     so the order of the entries below is significant. -->
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/search.html" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/edit.html" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/login.html" access="permitAll" />
<intercept-url pattern="/static/**" access="permitAll" />
<intercept-url pattern="/" access="permitAll" />
<!-- NOTE(review): the catch-all is permitAll, so every URL not listed above (including any page
     added later) is reachable without authentication. A catch-all such as
     access="isAuthenticated()" or access="denyAll" fails closed instead. -->
<intercept-url pattern="/**" access="permitAll" />
<!-- The login form posts j_username / j_password to login-processing-url.
     NOTE(review): the form-login filter passes that username/password to the authentication
     manager, whose only provider in this file is the pre-authentication one. That provider
     presumably does not accept a username/password token, which would send the browser back to
     the login page; confirm against the Spring Security debug log. -->
<form-login login-page="/login.html" login-processing-url="/loginProcess.html"
default-target-url="/search.html" />
<logout logout-url="/logout.html" />
<!-- Inserts the siteminderFilter bean at the pre-authentication position of the filter chain. -->
<custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER" />
</http>
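<!--
naveen:newyork
jyoti:newjersey
-->
<!-- NOTE(review): the comment above keeps account passwords in clear text inside the
     configuration file, where they travel with version control and every deployed copy.
     Test credentials are better kept out of the file. -->
<!-- Pre-authentication filter referenced by the custom-filter element at PRE_AUTH_FILTER.
     It hands the principal and credentials it extracts from the request to authenticationManager.
     NOTE(review): the class shown for this bean reads them from the j_username / j_password
     request parameters, i.e. from client-supplied input rather than from a value set by a
     trusted front end. -->
<beans:bean id="siteminderFilter"
    class="com.spring.security.web.security.CustomRequestHeaderAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>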
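<!-- Provider for pre-authenticated tokens. It loads the user by name through the wrapped
     userDetailsService. It does not compare a password: pre-authentication assumes the identity
     was already verified before the request reached the application, so whatever name the filter
     supplies is accepted if the user exists. -->
<beans:bean id="preauthAuthProvider"
    class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService">
        <!-- Adapts the name-based userDetailsService to the token-based lookup this provider expects. -->
        <beans:bean id="userDetailsServiceWrapper"
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService" ref="userDetailsService" />
        </beans:bean>
    </beans:property>
</beans:bean>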
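<!-- Application-supplied user lookup; referenced by userDetailsServiceWrapper. -->
<beans:bean id="userDetailsService"
    class="com.spring.security.web.model.service.UserDetailsServiceImpl"></beans:bean>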
<!-- Authentication manager exposed under the alias used by siteminderFilter.
     preauthAuthProvider is the only provider registered here, so no provider in this manager
     checks a submitted password. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="preauthAuthProvider" />
</authentication-manager>
======================
Login.jsp
-----------
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%-- Login form. Posts j_username and j_password to loginProcess.html (resolved relative to the
     page URL), the same path configured as login-processing-url in security-context.xml.
     The markup below is plain HTML and uses none of the tag libraries declared above. --%>
<form action="loginProcess.html" method="post">
<table class="search">
<tr>
<td>Username</td>
<td><input type="text" name="j_username" id="j_username" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="j_password" id="j_password" /></td>
</tr>
<tr>
<td><input name="submit" id="submit" type="submit" value="Login" /></td>
<td></td>
</tr>
</table>
</form>
=====================
CustomRequestHeaderAuthenticationFilter.java which extends AbstractPreAuthenticatedProcessingFilter
package com.spring.security.web.security;
//import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter;
//import org.springframework.security.web.authentication.pr eauth.RequestHeaderAuthenticationFilter;
//import org.springframework.security.web.authentication.pr eauth.RequestHeaderAuthenticationFilter;
/**
 * Pre-authentication filter that takes the principal and the credentials directly from the
 * {@code j_username} and {@code j_password} request parameters posted by the login form.
 *
 * <p>NOTE(review): both values come from the client. A pre-authentication filter normally relays
 * an identity that a component in front of the application has already verified. In the
 * accompanying security-context.xml this filter feeds a PreAuthenticatedAuthenticationProvider,
 * which does not compare the password, so the submitted user name is trusted as-is. Confirm this
 * is intended; for a plain username/password form, the standard form-login filter backed by a
 * password-checking provider is the usual fit.
 */
public class CustomRequestHeaderAuthenticationFilter extends
        AbstractPreAuthenticatedProcessingFilter {

    /**
     * Supplies the credentials for the pre-authenticated token.
     *
     * @param request the current HTTP request
     * @return the {@code j_password} request parameter, or {@code null} when it is absent
     */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return request.getParameter("j_password");
    }

    /**
     * Supplies the principal for the pre-authenticated token.
     *
     * @param request the current HTTP request
     * @return the {@code j_username} request parameter, or {@code null} when it is absent
     */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        return request.getParameter("j_username");
    }
}
=======================
UserDetailsServiceImpl
---------------------
package com.spring.security.web.model.service;
import java.util.ArrayList;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority ;
import org.springframework.security.core.authority.Grante dAuthorityImpl;
import org.springframework.security.core.userdetails.User Details;
import org.springframework.security.core.userdetails.User DetailsService;
import org.springframework.security.core.userdetails.User nameNotFoundException;
import org.springframework.security.core.userdetails.User ;
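/**
 * {@link UserDetailsService} backed by two hard-coded accounts.
 *
 * <p>{@code naveen} receives ROLE_USER and ROLE_ADMIN, {@code jyoti} receives ROLE_USER only, and
 * every other name is rejected with {@link UsernameNotFoundException}.
 *
 * <p>NOTE(review): the account names and password values are compiled into the class, and the two
 * values are not stored in the same form: one is a 32-character hex string (the length of an MD5
 * digest), the other is plain text. In the accompanying security-context.xml this service is
 * wrapped for a PreAuthenticatedAuthenticationProvider, which does not compare a submitted
 * password with these values, so neither of them is actually checked in that setup. If the
 * service is reused with a password-checking provider, store both values with one salted,
 * adaptive password hash and keep them out of source code.
 */
public class UserDetailsServiceImpl implements UserDetailsService {
    // Authority instances reused for every lookup.
    GrantedAuthorityImpl roleUser = new GrantedAuthorityImpl("ROLE_USER");
    GrantedAuthorityImpl roleAdmin = new GrantedAuthorityImpl("ROLE_ADMIN");

    /**
     * Looks up one of the two built-in accounts by exact, case-sensitive name.
     *
     * @param username the name to look up; {@code null} is treated as an unknown user
     * @return the matching user, with all four account-status flags set to {@code true}
     * @throws UsernameNotFoundException if {@code username} is not one of the built-in accounts
     * @throws DataAccessException declared by the interface; never thrown by this implementation
     */
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        // Constant-first equals: a null name reaches the "not found" exception below instead of
        // failing with a NullPointerException.
        if ("naveen".equals(username)) {
            ArrayList<GrantedAuthority> adminAuth = new ArrayList<GrantedAuthority>();
            adminAuth.add(roleUser);
            adminAuth.add(roleAdmin);
            // Flags, in order: enabled, accountNonExpired, credentialsNonExpired, accountNonLocked.
            return new User("naveen", "369389d19e24204b4927e30dd7c39efc", true, true, true, true,
                    adminAuth);
        }
        if ("jyoti".equals(username)) {
            ArrayList<GrantedAuthority> userAuth = new ArrayList<GrantedAuthority>();
            userAuth.add(roleUser);
            return new User("jyoti", "newjersey", true, true, true, true, userAuth);
        }
        throw new UsernameNotFoundException("User Does not exist!");
    }
}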
======================
This displays the login page fine, but when I log in with my credentials nothing happens and the same login page appears again and again.
=========================
I used the same application with just the default Spring Security setup and it worked fine there. Can anyone have a look at the code and help me?
-
Jun 7th, 2010, 01:17 PM
#2
preauthentication in spring
I am not sure regarding your security-context.xml.
But what I know is that if you want to customize Spring Security, you need to write an authenticationprocessingfilter with appropriate property values in the XML file.
Is there any specific reason for doing this with pre-authentication?
I don't see any need for pre-authentication here. It's a simple authentication process, is that right?