Spring Custom filter chain -


I am writing my own filter chain to dynamically load user roles from the database and filter the URLs.

The application works fine when I log in to the application using the login page.

But when I try to access a protected URL that requires authentication, instead of being redirected to the login page I get a ClassCastException.

Debugging shows me that the string "anonymoususer" is returned as the principal instead of my domain principal object :(

java.lang.classcastexception: java.lang.string cannot cast com.mytech.myapp.model.myappuser @ com.mytech.myapp.web.controller.helper.leftmenuhelper.getmanageleftmenu(leftmenuhelper.java:171) @ com.mytech.myapp.web.controller.managecontroller.setlefttree(managecontroller.java:1377) @ com.mytech.myapp.web.controller.managecontroller.rendermanagepage(managecontroller.java:379) @ com.mytech.myapp.web.controller.managecontroller.handlenosuchrequesthandlingmethod(managecontroller.java:371) @ org.springframework.web.servlet.mvc.multiaction.multiactioncontroller.handlerequestinternal(multiactioncontroller.java:413) @ org.springframework.web.servlet.mvc.abstractcontroller.handlerequest(abstractcontroller.java:153) @ org.springframework.web.servlet.mvc.simplecontrollerhandleradapter.handle(simplecontrollerhandleradapter.java:48) @ org.springframework.web.servlet.dispatcherservlet.dodispatch(dispatcherservlet.java:875) @ org.springframework.web.servlet.dispatcherservlet.doservice(dispatcherservlet.java:809) @ org.springframework.web.servlet.frameworkservlet.processrequest(frameworkservlet.java:571) @ org.springframework.web.servlet.frameworkservlet.doget(frameworkservlet.java:501) @ javax.servlet.http.httpservlet.service(httpservlet.java:621) @ javax.servlet.http.httpservlet.service(httpservlet.java:722) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:305) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:210) @ org.springframework.security.util.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:378) @ org.springframework.security.intercept.web.filtersecurityinterceptor.invoke(filtersecurityinterceptor.java:109) @ org.springframework.security.intercept.web.filtersecurityinterceptor.dofilter(filtersecurityinterceptor.java:83) @ org.springframework.security.util.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:390) @ 
org.springframework.security.providers.anonymous.anonymousprocessingfilter.dofilterhttp(anonymousprocessingfilter.java:105) @ org.springframework.security.ui.springsecurityfilter.dofilter(springsecurityfilter.java:53) @ 

My security XML follows:

    <?xml version="1.0" encoding="utf-8"?>
    <!-- Spring Security 2.0.x configuration with a hand-built FilterChainProxy.
         NOTE(review): identifiers in this listing are all lower case as reproduced here
         (class names, property names, xsi attributes); Spring resolves them
         case-sensitively, so restore the original casing before reusing any of it. -->
    <b:beans xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
        xmlns:sec="http://www.springframework.org/schema/security"
        xmlns:b="http://www.springframework.org/schema/beans"
        xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

        <!-- Maps ant-style URL patterns to the ordered list of security filters applied to them. -->
        <b:bean id="springsecurityfilterchain" class="org.springframework.security.util.filterchainproxy">
            <sec:filter-chain-map path-type="ant">
                <!-- filters="none": matching requests skip every security filter, so no
                     security context is set up and no URL rule is evaluated for them.
                     /ws/restapi/** is in this list. NOTE(review): confirm the REST API
                     enforces authentication and authorization by some other means. -->
                <sec:filter-chain pattern="/brands/**" filters="none" />
                <sec:filter-chain pattern="/javascript/**" filters="none" />
                <sec:filter-chain pattern="/index.html" filters="none" />
                <sec:filter-chain pattern="/login.do" filters="none" />
                <sec:filter-chain pattern="/forgotpassword.do" filters="none" />
                <sec:filter-chain pattern="/ws/restapi/**" filters="none" />
                <!-- Catch-all chain. No exception translation filter is listed, so nothing
                     in this chain turns an AccessDeniedException raised by
                     filtersecurityinterceptor into a redirect to the login entry point. -->
                <sec:filter-chain pattern="/**" filters="
                    httpsessioncontextintegrationfilter,
                    logoutfilter,
                    preauthfilter,
                    authenticationprocessingfilter,
                    anonymousprocessingfilter,
                    filtersecurityinterceptor
                "/>
            </sec:filter-chain-map>
        </b:bean>

        <!-- Anonymous authentication. The first token of userattribute becomes the
             principal of the anonymous authentication and the rest its authorities, so
             for an unauthenticated request the principal is the string anonymoususer,
             not a domain user object. Application code that reads the principal must
             check its type before casting. -->
        <b:bean id="anonymousprocessingfilter" class="org.springframework.security.providers.anonymous.anonymousprocessingfilter">
            <b:property name="key" value="foobar" />
            <b:property name="userattribute" value="anonymoususer,role_anonymous" />
        </b:bean>

        <!-- Uses the same key value as the filter above. This bean carries no
             custom-authentication-provider marker and is not in the providers list of
             the authenticationmanager bean below. NOTE(review): confirm it is registered. -->
        <b:bean id="anonymousauthenticationprovider" class="org.springframework.security.providers.anonymous.anonymousauthenticationprovider">
            <b:property name="key" value="foobar" />
        </b:bean>

        <b:bean id="httpsessioncontextintegrationfilter"
            class="org.springframework.security.context.httpsessioncontextintegrationfilter">
            <sec:custom-filter position="session_context_integration_filter"/>
        </b:bean>

        <!-- Logout: redirects to /login.do?code=logout after running the handler listed below. -->
        <b:bean id="logoutfilter" class="org.springframework.security.ui.logout.logoutfilter">
            <b:constructor-arg value="/login.do?code=logout" />
            <b:constructor-arg>
                <b:list>
                    <b:ref bean="securitycontextlogouthandler" />
                </b:list>
            </b:constructor-arg>
            <sec:custom-filter position="logout_filter"/>
        </b:bean>

        <b:bean id="securitycontextlogouthandler" class="org.springframework.security.ui.logout.securitycontextlogouthandler" />

        <!-- URL authorization. The rules come from the custom myapproleurlfiltersource bean.
             NOTE(review): the stack trace in the question shows the request passing
             through this interceptor and reaching the controller, which suggests that
             no AccessDeniedException was raised for that URL; verify what the custom
             source returns for URLs that are meant to require login. -->
        <b:bean id="filtersecurityinterceptor" class="org.springframework.security.intercept.web.filtersecurityinterceptor">
            <sec:custom-filter position="filter_security_interceptor"/>
            <b:property name="authenticationmanager" ref="authenticationmanageralias" />
            <b:property name="accessdecisionmanager" ref="accessdecisionmanager" />
            <b:property name="objectdefinitionsource" ref="myapproleurlfiltersource" />
        </b:bean>

        <b:bean id="myapproleurlfiltersource" class="com.softech.myapp.web.filter.myapproleurlfiltersource">
        </b:bean>

        <b:bean id="accessdecisionmanager" class="org.springframework.security.vote.unanimousbased">
            <b:property name="decisionvoters" ref="rolevoter" />
        </b:bean>

        <!-- An empty roleprefix makes the voter treat every configuration attribute as a
             role name. NOTE(review): confirm this is intended. -->
        <b:bean id="rolevoter" class="org.springframework.security.vote.rolevoter">
            <b:property name="roleprefix" value="" />
        </b:bean>

        <!-- Custom pre-authentication filter (implementation not shown).
             NOTE(review): principalrequestheader suggests the user identity is read from
             the myapp_auth_user_token request header, and listenfrom="*" looks like it
             accepts that header from any caller. Such a header is only trustworthy if an
             upstream component removes it from client requests; confirm in the filter code.
             authenticationdetailssource is wired to userdetailsservice, which looks like
             a mismatch; confirm. -->
        <b:bean id="preauthfilter" class="com.softech.myapp.web.filter.myapprequestpreauthfilter">
            <sec:custom-filter position="pre_auth_filter" />
            <b:property name="principalrequestheader" value="myapp_auth_user_token" />
            <b:property name="authenticationmanager" ref="authenticationmanageralias" />
            <b:property name="authenticationdetailssource" ref="userdetailsservice"></b:property>
            <b:property name="preauthentryurl" value="/interceptor.do"></b:property>
            <b:property name="listenfrom" value="*"></b:property>
        </b:bean>

        <!-- Accepts pre-authenticated tokens and loads the user by name through
             userdetailsservice (that bean is not defined in this listing). -->
        <b:bean id="preauthprovider" class="org.springframework.security.providers.preauth.preauthenticatedauthenticationprovider">
            <sec:custom-authentication-provider />
            <b:property name="preauthenticateduserdetailsservice">
                <b:bean id="userdetailsservicewrapper" class="org.springframework.security.userdetails.userdetailsbynameservicewrapper">
                    <b:property name="userdetailsservice" ref="userdetailsservice" />
                </b:bean>
            </b:property>
        </b:bean>

        <!-- Login entry point. No other bean in this listing references it, so nothing
             invokes it. forcehttps is false, so the redirect to /login.do is not forced
             onto HTTPS. NOTE(review): confirm the login form is served over TLS by other means. -->
        <b:bean id="authenticationprocessingfilterentrypoint" class="org.springframework.security.ui.webapp.authenticationprocessingfilterentrypoint">
            <b:property name="loginformurl" value="/login.do"/>
            <b:property name="forcehttps" value="false" />
        </b:bean>

        <!-- Authentication manager: a namespace alias plus an explicit provider manager
             whose list names the two DAO providers. NOTE(review): providers are also
             flagged with custom-authentication-provider; confirm which manager the alias
             resolves to and which providers it ends up with. -->
        <sec:authentication-manager alias='authenticationmanageralias'/>
        <b:bean id="authenticationmanager" class="org.springframework.security.providers.providermanager">
            <b:property name="providers">
                <b:list>
                    <b:ref local="securedaoauthenticationprovider"/>
                    <b:ref local="daoauthenticationprovider"/>
                </b:list>
            </b:property>
        </b:bean>

        <!-- Form login. alwaysusedefaulttargeturl is true, so a successful login always
             lands on /interceptor.do; failures return to /login.do. -->
        <b:bean id="authenticationprocessingfilter" class="org.springframework.security.ui.webapp.authenticationprocessingfilter">
            <sec:custom-filter position="authentication_processing_filter"/>
            <b:property name="defaulttargeturl" value="/interceptor.do"/>
            <b:property name="authenticationfailureurl" value="/login.do"/>
            <b:property name="authenticationmanager" ref="authenticationmanageralias"/>
            <b:property name="authenticationdetailssource" ref="myappuserauthenticationdetailssource"/>
            <b:property name="alwaysusedefaulttargeturl" value="true"/>
        </b:bean>

        <!-- <authentication-provider user-service-ref="userdetailsservice"/> -->
        <!-- DAO provider with the SHA-1 password encoder and a salt source. The
             passwordencoder and saltsource beans are not defined in this listing.
             NOTE(review): salted SHA-1 is a fast hash; prefer a dedicated password
             hashing scheme where the framework version offers one. -->
        <b:bean id="securedaoauthenticationprovider" class="org.springframework.security.providers.dao.daoauthenticationprovider">
            <b:property name="userdetailsservice" ref="userdetailsservice"/>
            <b:property name="passwordencoder" ref="passwordencoder"/>
            <b:property name="saltsource" ref="saltsource"/>
            <sec:custom-authentication-provider/>
        </b:bean>

        <!-- DAO provider with no passwordencoder set, so the default plain text comparison
             applies. Both DAO providers are in the manager's list, so presumably a login
             is accepted when either one matches. NOTE(review): plain text password
             storage should be phased out; confirm whether this provider is still needed. -->
        <b:bean id="daoauthenticationprovider" class="org.springframework.security.providers.dao.daoauthenticationprovider">
            <b:property name="userdetailsservice" ref="userdetailsservice"/>
            <sec:custom-authentication-provider/>
        </b:bean>

        <b:bean id="myappuserauthenticationdetailssource" class="org.springframework.security.ui.webauthenticationdetailssource">
            <b:property name="clazz" value="com.softech.myapp.web.filter.myappuserauthenticationdetails"/>
        </b:bean>

        <!-- Automatically receives authentication event messages and logs them. -->
        <b:bean id="loggerlistener" class="org.springframework.security.event.authentication.loggerlistener"/>

    </b:beans>

The "redirect to login page" feature depends on two filters:

  • FilterSecurityInterceptor - checks the security rules and throws AccessDeniedException
  • ExceptionTranslationFilter - catches AccessDeniedException and starts authentication in the case of an anonymous user

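As you can see, ExceptionTranslationFilter is absent from your configuration. Please add it to the filter chain. The order is important: it must be inserted before FilterSecurityInterceptor. It also needs an authentication entry point to redirect to, for example the authenticationprocessingfilterentrypoint bean already defined in your configuration. Separately, the code that casts the principal should check its type first, because an anonymous request carries the string principal configured on anonymousprocessingfilter.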

