Sunday, 15 March 2015

spring - Application Controllers getting called before custom RememberMeAuthenticationFilter -



spring - Application Controllers getting called before custom RememberMeAuthenticationFilter -

we trying implement spring security in our application. extending remembermeauthenticationfilter. problem our application controllers getting called before remembermeauthenticationfilter. is there anyway forcefulness remembermeauthenticationfilter called before application controllers? below configuaations. in debug mode see filterchainproxy.virtualfilterchain has 2 sets of filters - original filters , additional filters. original filters has springsecurityfilterchain doesn't phone call custom remembermeauthenticationfilter. , additional filters has remembermeauthenticationfilter. controller getting called via dispatcherservlet @ end of original filters.

web.xml

<filter> <filter-name>springsecurityfilterchain</filter-name> <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class> </filter> <filter-mapping> <filter-name>springsecurityfilterchain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

spring-security-context.xml

<http use-expressions="true" auto-config="false" entry-point-ref="authenticationprocessingfilterentrypoint" create-session="ifrequired" > <long list of intercept-url here> <intercept-url pattern="/**" access="permitall" requires-channel="any"/> <custom-filter ref="remembermeprocessingfilter" position="remember_me_filter" /> <custom-filter ref="authenticationprocessingfilter" position="form_login_filter" /> </http> <beans:bean id="remembermeprocessingfilter" class="uk.co.and.dealofday.security.securityremembermeauthenticationfilter"> <beans:property name="authenticationmanager" ref="authenticationmanager" /> <beans:property name="remembermeservices" ref="remembermeservices" /> </beans:bean> <beans:bean id="authenticationprocessingfilter" class="uk.co.and.dealofday.security.securityusernamepasswordauthenticationfilter"> <beans:property name="authenticationmanager" ref="authenticationmanager" /> <beans:property name="remembermeservices" ref="remembermeservices" /> <beans:property name="userservice" ref="userservice"/> <beans:property name="securityhelper" ref="securityhelper" /> </beans:bean>

declare custom remember filter after custom authentication filter

<custom-filter ref="authenticationprocessingfilter" position="form_login_filter" /> <custom-filter ref="remembermeprocessingfilter" position="remember_me_filter" />

spring security authentication filter order

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)