Spring Custom filter chain -


I am writing my own filter chain to dynamically load user roles from the database and filter the URLs.

The application works fine when I log in to the application using the login page.

But when I try to access a protected URL that requires authentication, instead of being redirected to the login page I am getting a class cast exception.

Debugging shows me that the string "anonymousUser" is returned instead of my domain principal object :(

java.lang.classcastexception: java.lang.string cannot cast com.mytech.myapp.model.myappuser @ com.mytech.myapp.web.controller.helper.leftmenuhelper.getmanageleftmenu(leftmenuhelper.java:171) @ com.mytech.myapp.web.controller.managecontroller.setlefttree(managecontroller.java:1377) @ com.mytech.myapp.web.controller.managecontroller.rendermanagepage(managecontroller.java:379) @ com.mytech.myapp.web.controller.managecontroller.handlenosuchrequesthandlingmethod(managecontroller.java:371) @ org.springframework.web.servlet.mvc.multiaction.multiactioncontroller.handlerequestinternal(multiactioncontroller.java:413) @ org.springframework.web.servlet.mvc.abstractcontroller.handlerequest(abstractcontroller.java:153) @ org.springframework.web.servlet.mvc.simplecontrollerhandleradapter.handle(simplecontrollerhandleradapter.java:48) @ org.springframework.web.servlet.dispatcherservlet.dodispatch(dispatcherservlet.java:875) @ org.springframework.web.servlet.dispatcherservlet.doservice(dispatcherservlet.java:809) @ org.springframework.web.servlet.frameworkservlet.processrequest(frameworkservlet.java:571) @ org.springframework.web.servlet.frameworkservlet.doget(frameworkservlet.java:501) @ javax.servlet.http.httpservlet.service(httpservlet.java:621) @ javax.servlet.http.httpservlet.service(httpservlet.java:722) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:305) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:210) @ org.springframework.security.util.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:378) @ org.springframework.security.intercept.web.filtersecurityinterceptor.invoke(filtersecurityinterceptor.java:109) @ org.springframework.security.intercept.web.filtersecurityinterceptor.dofilter(filtersecurityinterceptor.java:83) @ org.springframework.security.util.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:390) @ 
org.springframework.security.providers.anonymous.anonymousprocessingfilter.dofilterhttp(anonymousprocessingfilter.java:105) @ org.springframework.security.ui.springsecurityfilter.dofilter(springsecurityfilter.java:53) @ 

My security XML follows:

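    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Spring Security 2.0.x configuration built around an explicit FilterChainProxy.

      The page this listing comes from lower-cased every identifier. Spring resolves
      class names, property names, custom-filter positions and the xsi namespace
      case-sensitively, so the framework names below are written in their real casing.
      Bean ids, the com.softech.* class names and the custom properties of those classes
      are kept exactly as the page shows them; restore their casing from the project.

      Beans referenced here but not defined in this file: userdetailsservice,
      passwordencoder, saltsource.
    -->
    <b:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:sec="http://www.springframework.org/schema/security"
             xmlns:b="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

        <b:bean id="springsecurityfilterchain" class="org.springframework.security.util.FilterChainProxy">
            <sec:filter-chain-map path-type="ant">
                <!--
                  filters="none" means no security filter runs for the pattern: no
                  SecurityContext is loaded and no access rule is evaluated. That is the
                  usual choice for static assets and the login page. For /ws/restapi/**
                  it means the REST endpoints must authenticate and authorize callers
                  themselves; confirm that they do.
                -->
                <sec:filter-chain pattern="/brands/**" filters="none" />
                <sec:filter-chain pattern="/javascript/**" filters="none" />
                <sec:filter-chain pattern="/index.html" filters="none" />
                <sec:filter-chain pattern="/login.do" filters="none" />
                <sec:filter-chain pattern="/forgotpassword.do" filters="none" />
                <sec:filter-chain pattern="/ws/restapi/**" filters="none" />
                <!--
                  Order matters. exceptiontranslationfilter was missing from the original
                  chain: without it nothing catches the AccessDeniedException thrown by
                  filtersecurityinterceptor, so an anonymous request is never sent to the
                  login entry point. It must sit before filtersecurityinterceptor.
                -->
                <sec:filter-chain pattern="/**" filters="
                    httpsessioncontextintegrationfilter,
                    logoutfilter,
                    preauthfilter,
                    authenticationprocessingfilter,
                    anonymousprocessingfilter,
                    exceptiontranslationfilter,
                    filtersecurityinterceptor
                "/>
            </sec:filter-chain-map>
        </b:bean>

        <!--
          Translates security exceptions into HTTP behaviour: for an anonymous caller an
          AccessDeniedException starts authentication through the entry point, i.e. the
          redirect to /login.do. It is listed explicitly in the filter chain above.
        -->
        <b:bean id="exceptiontranslationfilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
            <b:property name="authenticationEntryPoint" ref="authenticationprocessingfilterentrypoint" />
        </b:bean>

        <!--
          Fills an empty SecurityContext with an anonymous token whose principal is the
          String "anonymousUser". Application code that casts the principal to the domain
          user class must check its type first; this String is the source of the
          ClassCastException in the question.
          The key ties tokens from this filter to the provider below. "foobar" is the
          sample value from the reference documentation; use a deployment-specific value.
        -->
        <b:bean id="anonymousprocessingfilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
            <b:property name="key" value="foobar" />
            <b:property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
        </b:bean>

        <b:bean id="anonymousauthenticationprovider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
            <b:property name="key" value="foobar" />
        </b:bean>

        <b:bean id="httpsessioncontextintegrationfilter"
                class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
            <sec:custom-filter position="SESSION_CONTEXT_INTEGRATION_FILTER"/>
        </b:bean>

        <!-- First argument is the URL shown after logout, second the list of logout handlers. -->
        <b:bean id="logoutfilter" class="org.springframework.security.ui.logout.LogoutFilter">
            <b:constructor-arg value="/login.do?code=logout" />
            <b:constructor-arg>
                <b:list>
                    <b:ref bean="securitycontextlogouthandler" />
                </b:list>
            </b:constructor-arg>
            <sec:custom-filter position="LOGOUT_FILTER"/>
        </b:bean>

        <b:bean id="securitycontextlogouthandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />

        <!--
          Enforces the URL rules supplied by the custom, database-backed definition source.
          NOTE(review): the stack trace in the question runs through this interceptor into
          the controller, so the anonymous request was allowed for that URL. Confirm that
          the custom source returns attributes for every protected URL; the login redirect
          only happens when access is actually denied.
        -->
        <b:bean id="filtersecurityinterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
            <sec:custom-filter position="FILTER_SECURITY_INTERCEPTOR"/>
            <b:property name="authenticationManager" ref="authenticationmanageralias" />
            <b:property name="accessDecisionManager" ref="accessdecisionmanager" />
            <b:property name="objectDefinitionSource" ref="myapproleurlfiltersource" />
        </b:bean>

        <b:bean id="myapproleurlfiltersource" class="com.softech.myapp.web.filter.myapproleurlfiltersource">
        </b:bean>

        <b:bean id="accessdecisionmanager" class="org.springframework.security.vote.UnanimousBased">
            <b:property name="decisionVoters" ref="rolevoter" />
        </b:bean>

        <!-- An empty prefix makes the voter treat every configuration attribute as a role name. -->
        <b:bean id="rolevoter" class="org.springframework.security.vote.RoleVoter">
            <b:property name="rolePrefix" value="" />
        </b:bean>

        <!--
          Project-specific pre-authentication filter keyed on a request header.
          NOTE(review): a header-based principal is only trustworthy when the header
          cannot be set by the client, for example when a fronting proxy strips and
          re-adds it; check what listenfrom="*" allows in the project class.
          NOTE(review): authenticationDetailsSource points at userdetailsservice, which
          by its name is a UserDetailsService rather than a details source; verify.
          preauthentryurl and listenfrom belong to the project class and are shown as
          on the page.
        -->
        <b:bean id="preauthfilter" class="com.softech.myapp.web.filter.myapprequestpreauthfilter">
            <sec:custom-filter position="PRE_AUTH_FILTER" />
            <b:property name="principalRequestHeader" value="myapp_auth_user_token" />
            <b:property name="authenticationManager" ref="authenticationmanageralias" />
            <b:property name="authenticationDetailsSource" ref="userdetailsservice"></b:property>
            <b:property name="preauthentryurl" value="/interceptor.do"></b:property>
            <b:property name="listenfrom" value="*"></b:property>
        </b:bean>

        <b:bean id="preauthprovider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
            <sec:custom-authentication-provider />
            <b:property name="preAuthenticatedUserDetailsService">
                <b:bean id="userdetailsservicewrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
                    <b:property name="userDetailsService" ref="userdetailsservice" />
                </b:bean>
            </b:property>
        </b:bean>

        <!--
          Entry point used by exceptiontranslationfilter to send unauthenticated users to
          the login form. With forceHttps set to false the form, and the credentials
          posted from it, may travel over plain HTTP unless TLS is enforced elsewhere.
        -->
        <b:bean id="authenticationprocessingfilterentrypoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <b:property name="loginFormUrl" value="/login.do"/>
            <b:property name="forceHttps" value="false" />
        </b:bean>

        <!--
          The alias names the namespace-managed authentication manager; every filter in
          this file references that alias. The explicit ProviderManager bean below is not
          referenced by any bean in this file.
        -->
        <sec:authentication-manager alias='authenticationmanageralias'/>
        <b:bean id="authenticationmanager" class="org.springframework.security.providers.ProviderManager">
            <b:property name="providers">
                <b:list>
                    <b:ref local="securedaoauthenticationprovider"/>
                    <b:ref local="daoauthenticationprovider"/>
                </b:list>
            </b:property>
        </b:bean>

        <b:bean id="authenticationprocessingfilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
            <sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
            <b:property name="defaultTargetUrl" value="/interceptor.do"/>
            <b:property name="authenticationFailureUrl" value="/login.do"/>
            <b:property name="authenticationManager" ref="authenticationmanageralias"/>
            <b:property name="authenticationDetailsSource" ref="myappuserauthenticationdetailssource"/>
            <b:property name="alwaysUseDefaultTargetUrl" value="true"/>
        </b:bean>

        <!-- <authentication-provider user-service-ref="userdetailsservice"/> -->

        <!--
          SHA-1 password encoder (the passwordencoder and saltsource beans are defined
          elsewhere). A salted SHA-1 digest is fast to brute-force; plan a migration to
          an adaptive password hash.
        -->
        <b:bean id="securedaoauthenticationprovider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
            <b:property name="userDetailsService" ref="userdetailsservice"/>
            <b:property name="passwordEncoder" ref="passwordencoder"/>
            <b:property name="saltSource" ref="saltsource"/>
            <sec:custom-authentication-provider/>
        </b:bean>

        <!--
          Plain text password encoder - default.
          With no passwordEncoder set, the submitted password is compared as-is with the
          stored value. Because this provider reads the same userdetailsservice as the
          hashed provider above and is tried when that one rejects a login, the stored
          digest itself would be accepted as a password. Remove this provider once no
          account depends on plain-text comparison.
        -->
        <b:bean id="daoauthenticationprovider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
            <b:property name="userDetailsService" ref="userdetailsservice"/>
            <sec:custom-authentication-provider/>
        </b:bean>

        <b:bean id="myappuserauthenticationdetailssource" class="org.springframework.security.ui.WebAuthenticationDetailsSource">
            <b:property name="clazz" value="com.softech.myapp.web.filter.myappuserauthenticationdetails"/>
        </b:bean>

        <!-- Automatically receives AuthenticationEvent messages and logs them. -->
        <b:bean id="loggerlistener" class="org.springframework.security.event.authentication.LoggerListener"/>

    </b:beans>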

The "redirect to the login page" feature depends on 2 filters:

  • FilterSecurityInterceptor - checks the security rules and throws AccessDeniedException
  • ExceptionTranslationFilter - catches AccessDeniedException and starts authentication in the case of an anonymous user

As you can see, ExceptionTranslationFilter is absent from your configuration. Please add it to the filter chain. The order is important: it must be inserted before FilterSecurityInterceptor.

