In a Spring Security 3.2 based application I have a explicit configured <code>UsernamePasswordAuthenticationFilter</code>, that need an reference to the <code>sessionAuthenticationStrategy</code> (in order to invoke <code>.onAuthentication</code>).* The <code>sessionAuthenticationStrategy</code> is the default one created by <code><security:http></code> (<code>HttpSecurityBeanDefinitionParser</code>). My question: Is how can I get an reference to the <code>SessionAuthenticationStrategy</code> without configuring the complete <code>SessionAuthenticationStrategy</code> explicite, so that I can inject this reference in XML configuration? <pre class="prettyprint"><code><security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint" access-decision-manager-ref="httpAccessDecisionManager"> ... <security:custom-filter ref="usernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/> ... </security:http> ... <bean id="usernamePasswordAuthenticationFilter" class=" o.s.scurity.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="sessionAuthenticationStrategy" ref="????"> <!-- ?? -> ... </bean> </code></pre> *my real <code>UsernamePasswordAuthenticationFilter</code> is a customized subclass, but that should not matter for this question

When working with JavaConfig (I'm afraid is not your case) you can get a reference by doing <pre class="prettyprint"><code> http.getConfigurer(SessionManagementConfigurer.class).init(http); http.getSharedObject(SessionAuthenticationStrategy.class); </code></pre>

How to get a reference to SessionAuthenticationStrategy without configuring the strategy explicit?

Tags:

java

spring

spring-security

In a Spring Security 3.2 based application I have a explicit configured UsernamePasswordAuthenticationFilter, that need an reference to the sessionAuthenticationStrategy (in order to invoke .onAuthentication).*

The sessionAuthenticationStrategy is the default one created by <security:http> (HttpSecurityBeanDefinitionParser).

My question: Is how can I get an reference to the SessionAuthenticationStrategy without configuring the complete SessionAuthenticationStrategy explicite, so that I can inject this reference in XML configuration?

<security:http auto-config="false" use-expressions="true"
    entry-point-ref="loginUrlAuthenticationEntryPoint" 
    access-decision-manager-ref="httpAccessDecisionManager">
    ...
    <security:custom-filter
             ref="usernamePasswordAuthenticationFilter"
             position="FORM_LOGIN_FILTER"/>
    ...
</security:http>

...

<bean id="usernamePasswordAuthenticationFilter"
    class=" o.s.scurity.web.authentication.UsernamePasswordAuthenticationFilter">

   <property name="sessionAuthenticationStrategy" ref="????">   <!-- ?? ->
   ...
</bean>

*my real UsernamePasswordAuthenticationFilter is a customized subclass, but that should not matter for this question

652

asked Oct 17 '14 17:10

Ralph

1 Answers

When working with JavaConfig (I'm afraid is not your case) you can get a reference by doing

        http.getConfigurer(SessionManagementConfigurer.class).init(http);
        http.getSharedObject(SessionAuthenticationStrategy.class);

answered Oct 12 '22 01:10

Jordi

Related questions
                            
                                Android - HttpUrlConnection is not closing. Eventually results to SocketException
                            
                                Java Swing : JSplitPane split two component equals size at start up
                            
                                How to get character array which is inside StringBuilder to avoid array copy
                            
                                Java : Get heap dump without jmap or without hanging the application
                            
                                SSL with Grizzly and Jersey
                            
                                Why the Number class doesn't have methods like add() or negate()?
                            
                                Number of objects created during string concatenation
                            
                                How to check a string contains only digits and one occurrence of a decimal point?
                            
                                Hive describe partitions to show partition url
                            
                                No create XHTML option in Eclipse
                            
                                Which is "better". AtomicIntegerArray (1/0 as true/false) versus AtomicBoolean[]?
                            
                                Wrong algorithm: AES or Rijndael required
                            
                                javac: invalid target release: 1.7
                            
                                Invalid AES key length: 128 bytes?
                            
                                super keyword without extends to the super class
                            
                                Difference between Hibernate session.getTransaction().begin() vs session.beginTransaction()
                            
                                It does not throw exception ConcurrentModificationException [duplicate]
                            
                                ElasticSearch Java Client querying nested objects
                            
                                Spring optional parameter int
                            
                                Is the java.exe program the actual VM? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With