Sunday, 15 August 2010

authentication - Custom Spring 3.0 Security Filters, Multiple EntryPoints, AuthenticationProvider




I need my security to have the following logic:

Check the presence of a header parameter. Depending on the presence of the parameter, either redirect to a login page (if not authenticated) or check the basic authentication token.

In both cases, I have the same authentication provider, but I can't get it working. The delegating entry point works fine, but my custom AuthenticationProvider is never called ...

Here is my security config:

<security:global-method-security secured-annotations="enabled" />

<security:http entry-point-ref="delegatingauthenticationentrypoint"
        use-expressions="true" auto-config="false">
    <!-- <security:custom-filter position="FORM_LOGIN_FILTER" -->
    <!--     ref="usernamepasswordauthenticationfilter" /> -->
    <!-- <security:custom-filter position="BASIC_AUTH_FILTER" -->
    <!--     ref="basicauthenticationfilter" /> -->
    <security:intercept-url pattern="/login*" filters="none" />
    <security:intercept-url pattern="/portimalogin*" filters="none" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>

<bean id="delegatingauthenticationentrypoint"
        class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
    <constructor-arg>
        <map>
            <entry key="hasHeader('portima','true')"
                   value-ref="portimaloginurlauthenticationentrypoint" />
        </map>
    </constructor-arg>
    <property name="defaultEntryPoint" ref="authenticationentrypoint" />
</bean>

<bean id="usernamepasswordauthenticationfilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationmanager" />
    <property name="authenticationFailureHandler" ref="authenticationfailurehandler" />
</bean>

<bean id="basicauthenticationfilter"
        class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationmanager" />
    <property name="authenticationEntryPoint" ref="authenticationentrypoint" />
</bean>

<bean id="portimaloginurlauthenticationentrypoint"
        class="be.ap.common.security.spring.portimaloginurlauthenticationentrypoint">
    <property name="loginFormUrl" value="${portima.login.page}" />
</bean>

<bean id="authenticationentrypoint"
        class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <property name="realmName" value="ap" />
</bean>

<security:authentication-manager alias="authenticationmanager">
    <security:authentication-provider ref="authenticationprovider" />
</security:authentication-manager>

<bean id="authenticationprovider"
        class="be.ap.common.security.spring.apauthenticationprovider" />
<bean id="userdetailsservice"
        class="be.ap.common.security.spring.apuserdetailsservice" />

Any thoughts?

I have it working now.

Here is my context file:

<security:http entry-point-ref="delegatingauthenticationentrypoint" use-expressions="true">
    <security:custom-filter position="PRE_AUTH_FILTER" ref="preauthenticationfilter" />
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="usernamepasswordauthenticationfilter" />
    <security:custom-filter position="BASIC_AUTH_FILTER" ref="basicauthenticationfilter" />
    <security:intercept-url pattern="/login*" filters="none" />
    <security:intercept-url pattern="/portimalogin*" filters="none" />
    <security:intercept-url pattern="/accessdenied*" filters="none" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:access-denied-handler ref="accessdeniedhandler" />
</security:http>

<!-- Spring Security custom filters -->
<bean id="usernamepasswordauthenticationfilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationmanager" />
    <property name="authenticationFailureHandler" ref="authenticationfailurehandler" />
</bean>

<bean id="basicauthenticationfilter"
        class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationmanager" />
    <property name="authenticationEntryPoint" ref="authenticationentrypoint" />
</bean>

<bean id="preauthenticationfilter"
        class="be.ap.common.security.spring.appreauthenticationfilter">
    <property name="authenticationManager" ref="authenticationmanager" />
</bean>

<!-- Spring Security custom entry point -->
<bean id="delegatingauthenticationentrypoint"
        class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
    <constructor-arg>
        <map>
            <entry key="hasHeader('portima','true')"
                   value-ref="portimaloginurlauthenticationentrypoint" />
        </map>
    </constructor-arg>
    <property name="defaultEntryPoint" ref="authenticationentrypoint" />
</bean>

<bean id="portimaloginurlauthenticationentrypoint"
        class="be.ap.common.security.spring.portimaloginurlauthenticationentrypoint">
    <property name="loginFormUrl" value="${portima.login.page}" />
</bean>

<bean id="authenticationentrypoint"
        class="be.ap.common.security.spring.apbasicauthenticationentrypoint">
    <property name="realmName" value="ap" />
</bean>

<bean id="accessdeniedhandler"
        class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/accessdenied" />
</bean>

<bean id="authenticationfailurehandler"
        class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <property name="exceptionMappings">
        <props>
            <prop key="org.springframework.security.authentication.BadCredentialsException">/accessdenied</prop>
            <prop key="org.springframework.security.authentication.CredentialsExpiredException">/accessdenied</prop>
            <prop key="org.springframework.security.authentication.LockedException">/accessdenied</prop>
            <prop key="org.springframework.security.authentication.DisabledException">/accessdenied</prop>
        </props>
    </property>
</bean>

<!-- Spring Security authentication manager -->
<security:authentication-manager alias="authenticationmanager">
    <security:authentication-provider ref="authenticationprovider" />
</security:authentication-manager>

<bean id="authenticationprovider"
        class="be.ap.common.security.spring.apauthenticationprovider" />
<bean id="userdetailsservice"
        class="be.ap.common.security.spring.apuserdetailsservice" />

<!-- Mock -->
<bean id="ssoservice" class="be.ap.security.service.ssoservicemockimpl" />

As you can see, I added a few other things too.

To do this, I removed the auto-config attribute, uncommented the filters, and defined them properly.

For others who want a quick understanding of how it works, here is the flow:

1. PRE_AUTH_FILTER checks the SSO service to prefill the Authentication object (if already authenticated in SSO)
2. DelegatingAuthenticationEntryPoint then decides how to authenticate depending on the request header
3. The 2 ways are: custom LoginUrlAuthenticationEntryPoint, custom BasicAuthenticationEntryPoint

BasicAuth and LoginUrlAuth use the same AuthenticationProvider, while PreAuth uses the SSO service.

Hope it helps someone else!
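The entry-point selection in the flow above can be exercised outside a container with mock requests. This is an added example, not code from the original post; it assumes the Spring Security 3.0.x API with spring-test on the classpath, and the class name EntryPointSelectionDemo, the request path and the login URL /portimalogin are placeholders.

```java
import java.util.LinkedHashMap;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.util.ELRequestMatcher;
import org.springframework.security.web.util.RequestMatcher;

// Added example (not the poster's code). Package names follow Spring Security 3.0.x;
// the stock LoginUrlAuthenticationEntryPoint stands in for the poster's custom subclass.
public class EntryPointSelectionDemo {

    static DelegatingAuthenticationEntryPoint build() throws Exception {
        LoginUrlAuthenticationEntryPoint login = new LoginUrlAuthenticationEntryPoint();
        login.setLoginFormUrl("/portimalogin"); // placeholder for ${portima.login.page}
        login.afterPropertiesSet();

        BasicAuthenticationEntryPoint basic = new BasicAuthenticationEntryPoint();
        basic.setRealmName("ap");
        basic.afterPropertiesSet();

        // Matchers are tried in insertion order; the first match wins.
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> byMatcher =
                new LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>();
        byMatcher.put(new ELRequestMatcher("hasHeader('portima','true')"), login);

        DelegatingAuthenticationEntryPoint delegating = new DelegatingAuthenticationEntryPoint(byMatcher);
        delegating.setDefaultEntryPoint(basic); // used when no matcher applies
        delegating.afterPropertiesSet();
        return delegating;
    }

    // Simulates what happens when an unauthenticated request hits a protected URL.
    static void challenge(AuthenticationEntryPoint entryPoint, String headerValue) throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/secure/page");
        if (headerValue != null) {
            request.addHeader("portima", headerValue);
        }
        MockHttpServletResponse response = new MockHttpServletResponse();
        entryPoint.commence(request, response, new InsufficientAuthenticationException("not authenticated"));
        System.out.println("portima=" + headerValue
                + " -> redirect=" + response.getRedirectedUrl()
                + ", status=" + response.getStatus()
                + ", WWW-Authenticate=" + response.getHeader("WWW-Authenticate"));
    }

    public static void main(String[] args) throws Exception {
        DelegatingAuthenticationEntryPoint entryPoint = build();
        challenge(entryPoint, "true"); // redirected to the login form
        challenge(entryPoint, null);   // falls through to the Basic challenge
    }
}
```

Because the `portima` header is supplied by the client, it only selects which challenge an unauthenticated request receives; the credential check still happens in the filters and the shared AuthenticationProvider.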
