Wednesday, March 26, 2014

Implemented a custom authentication filter, but it falls into a loop when I forward to the requested page

I implemented a custom authentication filter by extending AbstractAuthenticationProcessingFilter with the application URL "/test/web" to interpret each request coming into my web page using REST. There is no login page.

Here is my custom filter code.
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

public class SamlAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    // my filter url
    public static final String FILTER_URL = "/test/web";

    // constructors

    public SamlAuthenticationFilter() {
        super(FILTER_URL);
    }

    public SamlAuthenticationFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }

    // attemptAuthentication(request, response), the abstract method in which the
    // actual authentication against the IdP happens, is not shown in this post.

}

And the contents of my securityContext.xml file. I am using the Spring SAML security framework.

<security:http entry-point-ref="samlEntryPoint">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>

<bean id="samlAuthFilter" class="com.fico.common.security.SamlAuthenticationFilter">
    <property name="authenticationManager" ref="dmipAuthenticationManager" />
    <property name="authenticationSuccessHandler" ref="successRedirectHandler"/>
    <property name="authenticationFailureHandler" ref="failureHandler"/>
</bean>

<!-- my filter which looks for the pattern /test/web -->
<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <security:filter-chain pattern="/test/web/**" filters="samlAuthFilter"/>
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
        <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
        <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
        <security:filter-chain pattern="/saml/SingleLogout/**" filters="samlLogoutProcessingFilter"/>
        <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
    </security:filter-chain-map>
</bean>

<!-- my redirect url on success -->
<bean id="successRedirectHandler"
      class="com.fico.common.security.LoginSuccessHandler">
    <property name="defaultTargetUrl" value="/" />
</bean>

And my success handler, which takes the stored request URL and forwards to it using the redirect strategy from the superclass.

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws ServletException, IOException {

        if (authentication instanceof SamlAuthenticationToken) {
            SamlAuthenticationToken dmipToken = (SamlAuthenticationToken) authentication;
            System.out.println("LoginSuccessHandler ..orig req url." + dmipToken.getOriginalRequestedURL());
        }

        // the originally requested URL is expected to have been stored in the session under "origURL"
        Object obj = request.getSession().getAttribute("origURL");
        String requestedURL = (obj != null ? obj.toString() : "");

        System.out.println("original requested url:" + requestedURL);

        if (StringUtils.isNotEmpty(requestedURL)) {
            // redirect to the stored URL with the strategy inherited from the superclass
            getRedirectStrategy().sendRedirect(request, response, requestedURL);
        } else {
            // fall back to the saved-request / defaultTargetUrl behaviour
            super.onAuthenticationSuccess(request, response, authentication);
        }
    }
}

Basically, once the user requests a page such as /services/test/web/order/1, I need to interpret it and authenticate against the external IdP, and once the user is authenticated, I load the roles into the Authentication object and forward to the successHandler. But once I forward to the original page, it keeps calling my authentication filter and forwarding to the page, then coming back to the filter: an infinite loop. Why is it not just forwarding to that page and staying there?

I just want to authenticate the user, and if he is a valid user for all the /test/web requests, he can simply view them.

Please advise.
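The loop described in this post is the default behaviour of AbstractAuthenticationProcessingFilter: every request that matches its processing URL, including the redirect the success handler sends back to /test/web/..., runs attemptAuthentication again and then redirects again. Below is an added example, not the poster's code, of a filter that skips the login attempt when the security context already holds a non-anonymous authenticated principal; it assumes the assertion arrives in a SAMLResponse request parameter and that the poster's SamlAuthenticationToken has a (String assertion, String originalUrl) constructor in the same package.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

public class GuardedSamlAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String FILTER_URL = "/test/web";

    public GuardedSamlAuthenticationFilter() {
        super(FILTER_URL);
    }

    // Skip the whole login attempt when the session already carries a real
    // (non-anonymous) authenticated principal. Without this guard every
    // request to the filter URL, including the redirect sent by the success
    // handler, is treated as a fresh login and redirected again.
    @Override
    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        if (!super.requiresAuthentication(request, response)) {
            return false;
        }
        Authentication existing = SecurityContextHolder.getContext().getAuthentication();
        boolean authenticated = existing != null
                && existing.isAuthenticated()
                && !(existing instanceof AnonymousAuthenticationToken);
        return !authenticated;
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        // Assumption: the SAML assertion is carried in this request parameter and
        // SamlAuthenticationToken (the poster's class) accepts it plus the original URL.
        String assertion = request.getParameter("SAMLResponse");
        if (assertion == null) {
            throw new BadCredentialsException("no SAML assertion on " + request.getRequestURI());
        }
        SamlAuthenticationToken token =
                new SamlAuthenticationToken(assertion, request.getRequestURL().toString());
        // The configured AuthenticationManager validates the assertion and loads the roles.
        return getAuthenticationManager().authenticate(token);
    }
}
```

The guard depends on the outer chain's SecurityContextPersistenceFilter saving the context to the HTTP session after the first successful login, which the <security:http> element shown above does by default.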