Spring Security - Custom Pre Auth filter using java config -


i trying configure simple custom authentication filter checks token on every page of web app except '/login' page. right now, filter , running, no matter settings change, filter being called on every page, including '/login' have set permitall().

when access localhost:8080/login, expect not call filter based on configuration below, instead throws exception in filter because no session found.

my question how limit filter pages except '/login' page?

here config:

@configuration @enablewebmvcsecurity public class securityconfig extends websecurityconfigureradapter{  private userdetailsservice userdetailsservice; private preauthenticatedauthenticationprovider preauthenticatedprovider;  public securityconfig() {     super();      userdetailsservice = new userdetailsserviceimpl();     userdetailsbynameservicewrapper<preauthenticatedauthenticationtoken> wrapper =              new userdetailsbynameservicewrapper<preauthenticatedauthenticationtoken>(userdetailsservice);      preauthenticatedprovider = new preauthenticatedauthenticationprovider();     preauthenticatedprovider.setpreauthenticateduserdetailsservice(wrapper); }  @autowired public void configureglobal(authenticationmanagerbuilder auth) throws exception {     auth.authenticationprovider(preauthenticatedprovider); }  @override protected void configure(httpsecurity http) throws exception {     opentokenrequestauthenticationfilter filter = new opentokenrequestauthenticationfilter();     filter.setauthenticationmanager(authenticationmanager());       http         .addfilter(filter)         .authorizerequests()             .antmatchers("/login").permitall(); }  }

and here filter:

    public class opentokenrequestauthenticationfilter extends         abstractpreauthenticatedprocessingfilter {      /**      * logger class      */     private static final logger logger = loggerfactory.getlogger(opentokenrequestauthenticationfilter.class);      @autowired     private exceptionmappingauthenticationfailurehandler authenticationfailurehandler;      @autowired     private iopentokenreader opentokenreader;      private string logouturl;      @override     public void dofilter(servletrequest request, servletresponse response,             filterchain chain) throws ioexception, servletexception {         httpservletrequest httpservletrequest = (httpservletrequest)request;         httpservletresponse httpservletresponse = (httpservletresponse)response;         super.dofilter(httpservletrequest, httpservletresponse, chain);         httpsession session = httpservletrequest.getsession(false);         if(session != null && session.getattribute("ssotoken") != null)         {             ssotoken ssotoken = (ssotoken)session.getattribute("ssotoken");             httpservletresponse.addheader("agentname", ssotoken.getname());             httpservletresponse.addheader("agentid", ""+ssotoken.getloginid());         }     }      /**      *       */     protected object getpreauthenticatedprincipal(httpservletrequest request) {         string principal = null;         httpsession session = null;          try {             session = request.getsession(false);             string tokenname = opentokenreader.gettokenname();              if (tokenname != null && request.getparameter(tokenname.trim()) != null && !request.getparameter(tokenname.trim()).isempty()) {                 logger.info("token found in request. token name:  "+ tokenname);                 ssotoken ssotoken = null;                 if (session != null) {                     session.invalidate();                     logger.info("invalidated old session , creating new session since request found new token.");                 }                 session = request.getsession(true);//create new session                 logger.info("new session created: "+session.getid());                  agent agent = opentokenreader.getagent();                 map result = agent.readtoken(request);                 if (result != null) {                     principal = (string) result.get("subject");                     ssotoken = new ssotoken();                     ssotoken.setlogouturl(getlogouturl()); //                  ssotoken.setname((string) result.get("lastname") +", "+(string) result.get("firstname"));                     ssotoken.setname((string) result.get("firstname"));                     ssotoken.setaffiliate((result.get("isaffiliate") != null && !((string)result.get("isaffiliate")).trim().equals("false")) ? true : false);                     if(ssotoken.isaffiliate())                         ssotoken.setloginid((string) result.get("affiliateid"));                     else                         ssotoken.setloginid((string) result.get("subject"));                 }                 session.setattribute("ssotoken", ssotoken);                 boolean isinvalidtoken = hasinvalidtokendata(ssotoken);                 if (isinvalidtoken) {                     throw new preauthenticatedcredentialsnotfoundexception("invalid token found in request.");                 } else {                     session.setattribute("hasvalidtoken", true);                 }             }          } catch (exception e) {             logger.error("exception while reading token " + e);         }         if(session == null )             throw new preauthenticatedcredentialsnotfoundexception("no session found.");         if(session != null && session.getattribute("hasvalidtoken") == null)             throw new preauthenticatedcredentialsnotfoundexception("no attribute 'hasvalidtoken' found in session.");         if(session != null && session.getattribute("hasvalidtoken") != null && !(boolean) session.getattribute("hasvalidtoken"))             throw new preauthenticatedcredentialsnotfoundexception("value of  attribute 'hasvalidtoken' false in session.");          /*if (session == null || session.getattribute("hasvalidtoken") == null || !((boolean) session.getattribute("hasvalidtoken"))){             throw new preauthenticatedcredentialsnotfoundexception("token not found in request.");         }*/         if(session != null && session.getattribute("ssotoken") != null)         {             ssotoken ssotoken = (ssotoken)session.getattribute("ssotoken");             principal = ssotoken.getloginid();         }          return principal;     }     public boolean hasinvalidtokendata(ssotoken token) {         boolean hasinvalidtokendata = false;         if (token == null) {             hasinvalidtokendata = true;         } else {             if (stringutils.isblank(token.getloginid())) {                 logger.debug("login id blank.");                 hasinvalidtokendata = true;             }         }         if (logger.isdebugenabled()) {             logger.debug("exiting: hasinvalidtokendata(ssotoken)");             logger.debug("hasinvalidtokendata=|" + hasinvalidtokendata + "|");         }         return hasinvalidtokendata;     }     @override     protected object getpreauthenticatedcredentials(httpservletrequest request) {         return "";     }      /**      * @return logouturl      */     public string getlogouturl() {         return logouturl;     }      /**      * @param logouturl logouturl set      */     public void setlogouturl(string logouturl) {         this.logouturl = logouturl;     }      public void setauthenticationfailurehandler(exceptionmappingauthenticationfailurehandler authenticationfailurehandler){         this.authenticationfailurehandler = authenticationfailurehandler;     }      public exceptionmappingauthenticationfailurehandler getauthenticationfailurehandler(){         return authenticationfailurehandler;     }


Comments

Post a Comment

Popular posts from this blog

get url and add instance to a model with prefilled foreign key :django admin -

Image
i have page in each contest shown in row. each row contains contest id , link other model names have foreign key contest. news model: class news(models.model): title = models.charfield(max_length=50, null=true) description = models.textfield() time = models.timefield( default= datetime.datetime.now().time()) contest = models.foreignkey(contest) i want use admin adding , changing these models. want when user clicks on 'news' has foreign key contest id=1, shows list of news value foreign key. use {% instance in instances %} <tr class="{% cycle 'row1' 'row2' %}"> <td>{{ instance.title }}</td> <td>{{ instance.starttime }}</td> <td>{{ instance.timespan }}</td> <td>{{ instance.date }}</td> <td><a href="/adm...
Read more

css - Make div keyboard-scrollable in jQuery Mobile? -

from can tell, although jquery-mobile-powered pages can contain divs overflow set scroll or auto, , these divs can scrolled one-screen bar or mouse wheel, cannot scrolled using arrow keys, page-up/page-down, or home/end. instead, official "page" div (with data-role="page") absorbs input. perhaps other divs can't acquire focus, i'm not sure. is there way around this? edit: jsfiddle of simple example: https://jsfiddle.net/qogz0shx/ <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.js"> </script> <link rel="stylesheet" href="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.css"/> <style> #outer { overflow:scroll; height: 50vh; width: 50vw; } #inner { height: 500vh; width: 500vw; } ...
Read more

android - Keyboard hides my half of edit-text and button below it even in scroll view -

i having trouble keyboard covers edit-text , half of button in scroll view. here's layout , please tell me how should resolve problem. many questions on topic none of them s working me. <?xml version="1.0" encoding="utf-8"?> <linearlayout xmlns:android="http://schemas.android.com/apk/res/android" android:layout_width="match_parent" android:background="@drawable/bg" android:layout_height="match_parent"> <scrollview android:layout_width="match_parent" android:fillviewport="true" android:layout_height="match_parent"> <relativelayout android:layout_width="match_parent" android:layout_height="wrap_content" android:orientation="vertical"> <linearlayout android:layout_width="match_parent" android:layout_height="w...
Read more