Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring security PreAuthentication Filter asks for AuthenticationEntryPoint

Tags:

I am trying to use PreAuthFilter (for Siteminder) with Spring Security 3.0.

 <http  use-expressions="true">         <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />         <intercept-url pattern="/403.jsp" access="permitAll" />         <!-- Allow non-secure access to static resources  -->         <intercept-url pattern="/css/**" filters="none" />         <intercept-url pattern="/images/**" filters="none" />          <custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER"/>  <!--        <form-login  /> -->         <logout logout-success-url="/index.jsp"/>     </http>      <beans:bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">         <beans:property name="principalRequestHeader" value="SM_USER"/>         <beans:property name="authenticationManager" ref="authenticationManager" />         <beans:property name="exceptionIfHeaderMissing" value="false"/>     </beans:bean>      <beans:bean id="AdminUserDetailsService" class="com.fw.security.auth.MyUserDetailsService">     </beans:bean>      <beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">         <beans:property name="preAuthenticatedUserDetailsService">             <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">                 <beans:property name="userDetailsService" ref="AdminUserDetailsService"/>             </beans:bean>         </beans:property>     </beans:bean>      <authentication-manager alias="authenticationManager">       <authentication-provider ref="preauthAuthProvider" />     </authentication-manager> 

Above configuration fails with

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute  Offending resource: ServletContext resource [/WEB-INF/security-app-context.xml] 

1) How do I specify an AuthenticationEntryPoint???

2) And is it really applicable for a PreAuthentication scenario???

Solution

as per axtavt's solution below:

Create a bean with Http403ForbiddenEntryPoint

<beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint">     </beans:bean> 

and refer it in <http>

<http  use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint"> 
like image 484
Nirmal Patel Avatar asked Nov 04 '11 13:11

Nirmal Patel


People also ask

What is AuthenticationEntryPoint Spring Security?

AuthenticationEntryPoint is used in Spring Web Security to configure an application to perform certain actions whenever an unauthenticated client tries to access private resources.

How do you add a filter before Spring Security?

There are a couple of possible methods: addFilterBefore(filter, class) adds a filter before the position of the specified filter class. addFilterAfter(filter, class) adds a filter after the position of the specified filter class. addFilterAt(filter, class) adds a filter at the location of the specified filter class.

What is authentication filter in Spring Security?

Class AuthenticationFilterA Filter that performs authentication of a particular request. An outline of the logic: A request comes in and if it does not match setRequestMatcher(RequestMatcher) , then this filter does nothing and the FilterChain is continued.


1 Answers

I guess in the case of pre-authentication you need to declare an Http403ForbiddenEntryPoint and reference it via entry-point-ref attribute of <http>.

like image 57
axtavt Avatar answered Nov 26 '22 07:11

axtavt