
spring security custom AuthenticationProvider is called twice and fails

I am trying to implement a form login using Spring Security with a custom AuthenticationProvider.

I am using: Spring 4.1.1.RELEASE, Spring Security 3.2.5.RELEASE, Tomcat 7

security-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security 
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- <http create-session="stateless" authentication-manager-ref="authenticationManager" 
        entry-point-ref="reportsAuthenticationEntryPoint" disable-url-rewriting="true" 
        use-expressions="true" pattern="/report/**"> <intercept-url pattern="/report/**" 
        /> </http> -->

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/reports/**" access="isAuthenticated()" />
    </http>

    <beans:bean id="reportsAuthenticationEntryPoint" class="com.test.reporting.web.security.ReportsAuthenticationEntryPoint" />

    <beans:bean id="reportsAuthenticationProvider" class="com.test.reporting.web.security.ReportsAuthenticationProvider" />

    <authentication-manager erase-credentials="true" alias="authenticationManager">
        <authentication-provider ref="reportsAuthenticationProvider" />
    </authentication-manager>

</beans:beans>

I am implementing my custom AuthenticationProvider:

public class ReportsAuthenticationProvider implements AuthenticationProvider
{
    private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationProvider.class);

    @Inject
    private ProviderDao providerDao;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        String providerName = (String) authentication.getName();
        String password = (String) authentication.getCredentials();

        Provider provider = providerDao.findByProviderName(providerName);

        if (provider == null)
        {
            logger.error("authenticate() - unknown provider name " + providerName);
            throw new BadCredentialsException("invalid provider");
        }
        else
        {
            if (StringUtils.isEmpty(password))
            {
                logger.error("authenticate() - no password provider for provider " + providerName);
                throw new InsufficientAuthenticationException("No password for user");
            }
            else
            {
                if (password.equals(provider.getPassword()))
                {
                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password);
                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                    return authenticationToken;
                }
                else
                {
                    // Log the failure without the submitted password; credentials must not reach the log.
                    logger.error("authenticate() - invalid password for provider " + providerName);
                    throw new BadCredentialsException("invalid credentials");
                }
            }
        }
    }

    @Override
    public boolean supports(Class<?> authentication)
    {
        return UsernamePasswordAuthenticationToken.class.equals(authentication);
    }
}

Custom AuthenticationEntryPoint implementation:

public class ReportsAuthenticationEntryPoint implements AuthenticationEntryPoint
{
    private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationEntryPoint.class);

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException
    {
        logger.error("commence() - authentication failed due to: " + authException.getMessage(), authException);

        if (logger.isDebugEnabled())
        {
            logger.debug("commence() - authentication failed", authException);
        }

        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
}

For some reason when I go to my page: http://localhost:8080/reporting-ui/reports/view/sport

I am redirected to http://localhost:8080/reporting-ui/spring_security_login;jsessionid=74C6120F66A978DF57A4EB764DE3B313

I get Spring's default login form. I enter my credentials, it stops at my custom AuthenticationProvider, and it works well. But for some reason, on the server only the authenticate method is then called again, this time with a blank password (authentication.getCredentials()), and it fails.

Here are the logs:

coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login;jsessionid=48A25BDE619D1C801136C134C9CFAFBB'
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,082 DEBUG [FilterChainProxy] - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [UsernamePasswordAuthenticationFilter] - Request is to process authentication
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,084 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-7] 2015-03-16 12:20:47,965 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [CompositeSessionAuthenticationStrategy] - Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@468a28b0
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [SessionFixationProtectionStrategy] - Invalidating session with Id '48A25BDE619D1C801136C134C9CFAFBB' and migrating attributes.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SessionFixationProtectionStrategy] - Started new session: C312B1A7F928D7995C55DA0882EB0A37
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [UsernamePasswordAuthenticationFilter] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SavedRequestAwareAuthenticationSuccessHandler] - Redirecting to DefaultSavedRequest Url: http://localhost:8080/reporting-ui/reports/view/sport
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/reports/view/sport'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - pathInfo: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - queryString: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURI: arg1=/reporting-ui/reports/view/sport; arg2=/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverPort: arg1=8080; arg2=8080 (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURL: arg1=http://localhost:8080/reporting-ui/reports/view/sport; arg2=http://localhost:8080/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - scheme: arg1=http; arg2=http (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverName: arg1=localhost; arg2=localhost (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - contextPath: arg1=/reporting-ui; arg2=/reporting-ui (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - servletPath: arg1=/reports/view/sport; arg2=/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [HttpSessionRequestCache] - Removing DefaultSavedRequest from session if present
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AnonymousAuthenticationFilter] - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AntPathRequestMatcher] - Checking match of request : '/reports/view/sport'; against '/reports/**'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterSecurityInterceptor] - Secure object: FilterInvocation: URL: /reports/view/sport; Attributes: [ROLE_REPORT]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,365 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 ERROR [ReportsAuthenticationProvider] - authenticate() - no password provider for provider sport
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultAuthenticationEventPublisher] - No event was found for the exception org.springframework.security.authentication.InsufficientAuthenticationException
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.InsufficientAuthenticationException: No password for user
    at com.test.reporting.web.security.ReportsAuthenticationProvider.authenticate(ReportsAuthenticationProvider.java:50)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:316)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:202)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:155)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed

Do you have any idea what causes this wrong behavior?

Thank you

user1002065 asked Mar 16 '15 09:03



1 Answer

Make your Authentication trusted by adding a role:

if (password.equals(provider.getPassword()))
{
    Collection<? extends GrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password, authorities);
    return authenticationToken;
}

By using the 3-argument constructor, isAuthenticated() will return true.

holmis83 answered Oct 19 '22 08:10
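
The mechanism behind the answer above, as an added example (not code from the question or the answer): with erase-credentials="true" the ProviderManager clears the password on the returned token, and a token that still reports isAuthenticated() == false is passed through authenticate() again on the next secured request, which is the authenticateIfRequired frame in the question's stack trace. DemoProvider, authenticateIfRequired, loginThenRequest and the hard-coded account are hypothetical stand-ins; the code assumes spring-security-core on the classpath.

```java
import java.util.Collections;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class TokenTrustDemo {

    // Constructed sample account; a real provider would look this up (ProviderDao in the question).
    static final String NAME = "sport";
    static final String PASSWORD = "constructed-password";

    /** Hypothetical stand-in for ReportsAuthenticationProvider. */
    static class DemoProvider implements AuthenticationProvider {
        private final boolean grantAuthority;
        int calls = 0; // how often authenticate() was invoked

        DemoProvider(boolean grantAuthority) {
            this.grantAuthority = grantAuthority;
        }

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            calls++;
            Object credentials = authentication.getCredentials();
            if (credentials == null || credentials.toString().isEmpty()) {
                throw new InsufficientAuthenticationException("No password for user");
            }
            if (!NAME.equals(authentication.getName()) || !PASSWORD.equals(credentials.toString())) {
                throw new BadCredentialsException("invalid credentials");
            }
            if (grantAuthority) {
                // Three-argument constructor: the token is created with isAuthenticated() == true.
                return new UsernamePasswordAuthenticationToken(NAME, credentials,
                        Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")));
            }
            // Two-argument constructor: the token stays isAuthenticated() == false.
            return new UsernamePasswordAuthenticationToken(NAME, credentials);
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }
    }

    /** The decision AbstractSecurityInterceptor.authenticateIfRequired makes on each secured request. */
    static Authentication authenticateIfRequired(AuthenticationManager manager, Authentication stored) {
        return stored.isAuthenticated() ? stored : manager.authenticate(stored);
    }

    /** Logs in once, then replays the stored token the way the next secured request would. */
    static String loginThenRequest(boolean grantAuthority) {
        DemoProvider provider = new DemoProvider(grantAuthority);
        ProviderManager manager = new ProviderManager(
                Collections.<AuthenticationProvider>singletonList(provider));
        manager.setEraseCredentialsAfterAuthentication(true); // same as erase-credentials="true"

        Authentication stored = manager.authenticate(
                new UsernamePasswordAuthenticationToken(NAME, PASSWORD));
        String state = "authenticated=" + stored.isAuthenticated()
                + ", credentials=" + (stored.getCredentials() == null ? "erased" : "present");
        try {
            authenticateIfRequired(manager, stored);
            return state + ", request allowed, authenticate() calls=" + provider.calls;
        } catch (AuthenticationException e) {
            return state + ", request rejected (" + e.getMessage()
                    + "), authenticate() calls=" + provider.calls;
        }
    }

    public static void main(String[] args) {
        System.out.println("two-arg token:   " + loginThenRequest(false));
        System.out.println("three-arg token: " + loginThenRequest(true));
    }
}
```

The two-argument run reaches authenticate() a second time with erased credentials and is rejected, matching the question's log; the three-argument run is accepted without a second call.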