H i'm using spring security for form-login i have <pre class="prettyprint lang-xml prettyprint-override"><code><http auto-config="true"> <intercept-url pattern="/pages/**" access="ROLE_USER" /> <form-login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login.html" default-target-url="/pages/index.html" always-use-default-target="true" authentication-failure-url="/login.html" /> <logout logout-success-url="/login.html" invalidate-session="true" /> <anonymous enabled='false'/> </http> </code></pre> here i can set an <code>authentication-success-handler-ref</code>, how can i add one to my basic authentication: <pre class="prettyprint lang-xml prettyprint-override"><code><http pattern="/REST/**" realm="REALM" entry-point-ref="authenticationEntryPoint"> <intercept-url pattern="/**" access="ROLE_USER" /> <http-basic /> <logout logout-url="/REST/logout" success-handler-ref="restLogoutSuccessHandler" /> </http> </code></pre> i thought abour overriding BasicAuthenticationFilter, but how can i inject my cutom class for <code><http-basic /></code>

You cannot set an authentication success handler for BASIC authentication. You can, however, extend BasicAuthenticationFilter and override onSuccessfulAuthentication method: <pre class="prettyprint lang-java prettyprint-override"><code>@Component("customBasicAuthFilter") public class CustomBasicAuthFilter extends BasicAuthenticationFilter { @Autowired public CustomBasicAuthFilter(AuthenticationManager authenticationManager) { super(authenticationManager); } protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) { // Do what you want here } } </code></pre> Inject it in your security configuration with something like: <pre class="prettyprint lang-xml prettyprint-override"><code><http entry-point-ref="basicEntryPoint"> <custom-filter ref="customBasicAuthFilter" position="BASIC_AUTH_FILTER"/> </http> <authentication-manager alias="authenticationManager"> ... </authentication-manager> </code></pre> Update: Or with Java config instead of XML: <pre class="prettyprint lang-java prettyprint-override"><code>@Override protected void configure(HttpSecurity http) throws Exception { http .addFilterAt(customBasicAuthFilter, BasicAuthenticationFilter.class) .exceptionHandling().authenticationEntryPoint(basicEntryPoint); } </code></pre>

Spring security 3 http-basic authentication-success-handler

H i'm using spring security

for form-login i have

<http auto-config="true">
        <intercept-url pattern="/pages/**" access="ROLE_USER" />
        <form-login authentication-success-handler-ref="authenticationSuccessHandler" login-page="/login.html" default-target-url="/pages/index.html"
            always-use-default-target="true" authentication-failure-url="/login.html" />
        <logout logout-success-url="/login.html" invalidate-session="true" />
        <anonymous enabled='false'/>
</http>

here i can set an authentication-success-handler-ref, how can i add one to my basic authentication:

<http pattern="/REST/**" realm="REALM" entry-point-ref="authenticationEntryPoint">
    <intercept-url pattern="/**" access="ROLE_USER" />
    <http-basic  />
    <logout logout-url="/REST/logout" success-handler-ref="restLogoutSuccessHandler" />
</http>

i thought abour overriding BasicAuthenticationFilter, but how can i inject my cutom class for <http-basic />

How do I install AuthenticationSuccessHandler?

Modify you applicationContext.In your applicationContext. xml, create a new bean containing our Custom AuthenticationSuccessHandler class. Next, add our custom authenticationsuccesshandler bean to our form login or create a new form login entity if you don't have one. form login is part of the http filter.

Is WebSecurityConfigurerAdapter deprecated?

The type WebSecurityConfigurerAdapter is deprecatedWell, it's because the developers of Spring framework encourage users to move towards a component-based security configuration.

You cannot set an authentication success handler for BASIC authentication. You can, however, extend BasicAuthenticationFilter and override onSuccessfulAuthentication method:

@Component("customBasicAuthFilter")
public class CustomBasicAuthFilter extends BasicAuthenticationFilter {

    @Autowired
    public CustomBasicAuthFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    protected void onSuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authResult) {
        // Do what you want here
    }
}

Inject it in your security configuration with something like:

<http entry-point-ref="basicEntryPoint">
  <custom-filter ref="customBasicAuthFilter" position="BASIC_AUTH_FILTER"/>
</http>
<authentication-manager alias="authenticationManager">
  ...
</authentication-manager>

Update: Or with Java config instead of XML:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
      .addFilterAt(customBasicAuthFilter, BasicAuthenticationFilter.class)
      .exceptionHandling().authenticationEntryPoint(basicEntryPoint);
}

Spring security 3 http-basic authentication-success-handler

Tags:

basic-authentication

spring-security

wutzebaer

People also ask

1 Answers

holmis83

Recent Activity

Donate For Us

Spring security 3 http-basic authentication-success-handler

Tags:

basic-authentication

spring-security

wutzebaer

People also ask

1 Answers

holmis83

Related questions

Recent Activity

Donate For Us