spring mvc - Why isn't Spring Security placing my SecurityContext in the HttpSession?


My corporate intranet application uses a pre-authentication scenario. It has two filters inserted before the Spring Security filter chain. The first filter is provided by the corporation. It handles logins, passwords, etc., and if it recognizes the user, it puts the authentication data in a principal in the cookies. The second translates this, creates a UserDetails object and an authentication token, and places it in the SecurityContextHolder.

    SecurityContextHolder.getContext().setAuthentication(token);
    logger.debug("Auth token submitted");

My log confirms this is happening:

    2015-09-30 13:02:08,998 DEBUG c.a.v.c.s.MyPreAuthFilter [http-bio-8081-exec-63] Auth token submitted

A few ms later, the Spring Security filter chain comes in and does the following:

    2015-09-30 13:02:09,002 DEBUG o.s.s.w.FilterChainProxy [http-bio-8081-exec-63] /index.html at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
    2015-09-30 13:02:09,007 DEBUG o.s.s.w.FilterChainProxy [http-bio-8081-exec-63] /index.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    2015-09-30 13:02:09,008 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository [http-bio-8081-exec-63] HttpSession returned null object for SPRING_SECURITY_CONTEXT
    2015-09-30 13:02:09,008 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository [http-bio-8081-exec-63] No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@721c23ce. A new one will be created.

Basically, HttpSessionSecurityContextRepository is invoked by SecurityContextPersistenceFilter (part of the filter chain) and is checking the session for a security context, not finding one in the session, and replacing the context I placed in the SecurityContextHolder with a new empty one, resulting in an authentication failure a few lines below.

    2015-09-30 13:02:09,024 DEBUG o.s.s.w.a.ExceptionTranslationFilter [http-bio-8081-exec-63] Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied

Since the Spring docs don't mention HttpSessionSecurityContextRepository, I figure I shouldn't mess with that.

Instead, I thought I might try inserting the second filter after the Spring Security filter chain, but that didn't help. FilterSecurityInterceptor (the 11th item in the chain) refused to authenticate me, as it did when the second filter was before it on the chain.

What will save the SecurityContext in the session, and how may I defeat the behavior of SecurityContextPersistenceFilter in wiping out the security context I have set?

I've developed a workaround. It shouldn't be necessary, but it seems to work.

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
    import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        ...
        PreAuthenticatedAuthenticationToken token = ...
        logger.debug("Auth token placed in SecurityContext: \n" + token);
        SecurityContextHolder.getContext().setAuthentication(token);

        // make sure the session has a SecurityContext at this point
        ensureSessionHasSecurityContext(hreq);

        super.doFilter(request, response, chain);

        logger.debug("Auth token after rest of chain: \n"
                + SecurityContextHolder.getContext().getAuthentication());
    }

    private void ensureSessionHasSecurityContext(HttpServletRequest hreq) {
        // getSession(true): with getSession(false) a first request without a session
        // returns null and the getAttribute() call below throws a NullPointerException
        HttpSession session = hreq.getSession(true);
        Object securityContext = session.getAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        if (securityContext == null) {
            logger.debug("No SecurityContext found in session, inserting ours");
            session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                    SecurityContextHolder.getContext());
        }
    }

Please debunk this solution if it appears problematical to you. It's the way I can think of to assure that the filter chain does not whack my new authentication, at the time I want it to, after the preauth filter has done its job and before the Spring filter chain takes over.
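An added example, not the asker's code, of the mechanism Spring Security already provides for this case: a filter extending AbstractPreAuthenticatedProcessingFilter, registered inside the security filter chain so it runs after SecurityContextPersistenceFilter; the context it sets is then written to the session by HttpSessionSecurityContextRepository when the request ends, with no manual session write. It assumes Java config on Spring Security 4.x and that the corporate filter has already verified the user and exposed the user id as a request attribute named "corp.user" (an assumed name).

```java
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

// Reads the principal the corporate filter already verified ("corp.user" is an assumed attribute name)
class CorporatePreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // null means "not pre-authenticated": the request stays anonymous and is denied later in the chain
        return request.getAttribute("corp.user");
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A"; // credentials were checked upstream; nothing is re-verified here
    }
}

@Configuration
@EnableWebSecurity
public class PreAuthSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        CorporatePreAuthFilter preAuth = new CorporatePreAuthFilter();
        preAuth.setAuthenticationManager(authenticationManager());
        // addFilter() puts a known filter type at its standard slot in the chain: after
        // SecurityContextPersistenceFilter and before FilterSecurityInterceptor
        http.addFilter(preAuth)
            .authorizeRequests().anyRequest().authenticated();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        // Map the pre-authenticated name to a UserDetails; roles would normally come from a directory lookup
        AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> uds = token ->
            new User(token.getName(), "N/A", AuthorityUtils.createAuthorityList("ROLE_USER"));
        provider.setPreAuthenticatedUserDetailsService(uds);
        auth.authenticationProvider(provider);
    }
}
```

Because the token is set after SecurityContextPersistenceFilter has loaded (or created) the context for this request, the repository saves that context to the session at the end of the request; on later requests the saved context is restored and the filter only re-authenticates if the pre-authenticated principal has changed.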

