Spring Security - Custom Pre Auth filter using java config -


i trying configure simple custom authentication filter checks token on every page of web app except '/login' page. right now, filter , running, no matter settings change, filter being called on every page, including '/login' have set permitall().

when access localhost:8080/login, expect not call filter based on configuration below, instead throws exception in filter because no session found.

my question how limit filter pages except '/login' page?

here config:

@configuration @enablewebmvcsecurity public class securityconfig extends websecurityconfigureradapter{  private userdetailsservice userdetailsservice; private preauthenticatedauthenticationprovider preauthenticatedprovider;  public securityconfig() {     super();      userdetailsservice = new userdetailsserviceimpl();     userdetailsbynameservicewrapper<preauthenticatedauthenticationtoken> wrapper =              new userdetailsbynameservicewrapper<preauthenticatedauthenticationtoken>(userdetailsservice);      preauthenticatedprovider = new preauthenticatedauthenticationprovider();     preauthenticatedprovider.setpreauthenticateduserdetailsservice(wrapper); }  @autowired public void configureglobal(authenticationmanagerbuilder auth) throws exception {     auth.authenticationprovider(preauthenticatedprovider); }  @override protected void configure(httpsecurity http) throws exception {     opentokenrequestauthenticationfilter filter = new opentokenrequestauthenticationfilter();     filter.setauthenticationmanager(authenticationmanager());       http         .addfilter(filter)         .authorizerequests()             .antmatchers("/login").permitall(); }  }

and here filter:

    public class opentokenrequestauthenticationfilter extends         abstractpreauthenticatedprocessingfilter {      /**      * logger class      */     private static final logger logger = loggerfactory.getlogger(opentokenrequestauthenticationfilter.class);      @autowired     private exceptionmappingauthenticationfailurehandler authenticationfailurehandler;      @autowired     private iopentokenreader opentokenreader;      private string logouturl;      @override     public void dofilter(servletrequest request, servletresponse response,             filterchain chain) throws ioexception, servletexception {         httpservletrequest httpservletrequest = (httpservletrequest)request;         httpservletresponse httpservletresponse = (httpservletresponse)response;         super.dofilter(httpservletrequest, httpservletresponse, chain);         httpsession session = httpservletrequest.getsession(false);         if(session != null && session.getattribute("ssotoken") != null)         {             ssotoken ssotoken = (ssotoken)session.getattribute("ssotoken");             httpservletresponse.addheader("agentname", ssotoken.getname());             httpservletresponse.addheader("agentid", ""+ssotoken.getloginid());         }     }      /**      *       */     protected object getpreauthenticatedprincipal(httpservletrequest request) {         string principal = null;         httpsession session = null;          try {             session = request.getsession(false);             string tokenname = opentokenreader.gettokenname();              if (tokenname != null && request.getparameter(tokenname.trim()) != null && !request.getparameter(tokenname.trim()).isempty()) {                 logger.info("token found in request. token name:  "+ tokenname);                 ssotoken ssotoken = null;                 if (session != null) {                     session.invalidate();                     logger.info("invalidated old session , creating new session since request found new token.");                 }                 session = request.getsession(true);//create new session                 logger.info("new session created: "+session.getid());                  agent agent = opentokenreader.getagent();                 map result = agent.readtoken(request);                 if (result != null) {                     principal = (string) result.get("subject");                     ssotoken = new ssotoken();                     ssotoken.setlogouturl(getlogouturl()); //                  ssotoken.setname((string) result.get("lastname") +", "+(string) result.get("firstname"));                     ssotoken.setname((string) result.get("firstname"));                     ssotoken.setaffiliate((result.get("isaffiliate") != null && !((string)result.get("isaffiliate")).trim().equals("false")) ? true : false);                     if(ssotoken.isaffiliate())                         ssotoken.setloginid((string) result.get("affiliateid"));                     else                         ssotoken.setloginid((string) result.get("subject"));                 }                 session.setattribute("ssotoken", ssotoken);                 boolean isinvalidtoken = hasinvalidtokendata(ssotoken);                 if (isinvalidtoken) {                     throw new preauthenticatedcredentialsnotfoundexception("invalid token found in request.");                 } else {                     session.setattribute("hasvalidtoken", true);                 }             }          } catch (exception e) {             logger.error("exception while reading token " + e);         }         if(session == null )             throw new preauthenticatedcredentialsnotfoundexception("no session found.");         if(session != null && session.getattribute("hasvalidtoken") == null)             throw new preauthenticatedcredentialsnotfoundexception("no attribute 'hasvalidtoken' found in session.");         if(session != null && session.getattribute("hasvalidtoken") != null && !(boolean) session.getattribute("hasvalidtoken"))             throw new preauthenticatedcredentialsnotfoundexception("value of  attribute 'hasvalidtoken' false in session.");          /*if (session == null || session.getattribute("hasvalidtoken") == null || !((boolean) session.getattribute("hasvalidtoken"))){             throw new preauthenticatedcredentialsnotfoundexception("token not found in request.");         }*/         if(session != null && session.getattribute("ssotoken") != null)         {             ssotoken ssotoken = (ssotoken)session.getattribute("ssotoken");             principal = ssotoken.getloginid();         }          return principal;     }     public boolean hasinvalidtokendata(ssotoken token) {         boolean hasinvalidtokendata = false;         if (token == null) {             hasinvalidtokendata = true;         } else {             if (stringutils.isblank(token.getloginid())) {                 logger.debug("login id blank.");                 hasinvalidtokendata = true;             }         }         if (logger.isdebugenabled()) {             logger.debug("exiting: hasinvalidtokendata(ssotoken)");             logger.debug("hasinvalidtokendata=|" + hasinvalidtokendata + "|");         }         return hasinvalidtokendata;     }     @override     protected object getpreauthenticatedcredentials(httpservletrequest request) {         return "";     }      /**      * @return logouturl      */     public string getlogouturl() {         return logouturl;     }      /**      * @param logouturl logouturl set      */     public void setlogouturl(string logouturl) {         this.logouturl = logouturl;     }      public void setauthenticationfailurehandler(exceptionmappingauthenticationfailurehandler authenticationfailurehandler){         this.authenticationfailurehandler = authenticationfailurehandler;     }      public exceptionmappingauthenticationfailurehandler getauthenticationfailurehandler(){         return authenticationfailurehandler;     }


Comments

Post a Comment

Popular posts from this blog

get url and add instance to a model with prefilled foreign key :django admin -

Image
i have page in each contest shown in row. each row contains contest id , link other model names have foreign key contest. news model: class news(models.model): title = models.charfield(max_length=50, null=true) description = models.textfield() time = models.timefield( default= datetime.datetime.now().time()) contest = models.foreignkey(contest) i want use admin adding , changing these models. want when user clicks on 'news' has foreign key contest id=1, shows list of news value foreign key. use {% instance in instances %} <tr class="{% cycle 'row1' 'row2' %}"> <td>{{ instance.title }}</td> <td>{{ instance.starttime }}</td> <td>{{ instance.timespan }}</td> <td>{{ instance.date }}</td> <td><a href="/adm
Read more

css - Make div keyboard-scrollable in jQuery Mobile? -

from can tell, although jquery-mobile-powered pages can contain divs overflow set scroll or auto, , these divs can scrolled one-screen bar or mouse wheel, cannot scrolled using arrow keys, page-up/page-down, or home/end. instead, official "page" div (with data-role="page") absorbs input. perhaps other divs can't acquire focus, i'm not sure. is there way around this? edit: jsfiddle of simple example: https://jsfiddle.net/qogz0shx/ <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.js"> </script> <link rel="stylesheet" href="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.css"/> <style> #outer { overflow:scroll; height: 50vh; width: 50vw; } #inner { height: 500vh; width: 500vw; } &l
Read more

ruby on rails - Seeing duplicate requests handled with Unicorn -

recently upgraded our ec2 instances c3.large in order boost more unicorn workers handle increased traffic our site. (6xworkers per machine - 2 ec2 instances). when did this, started seeing duplicate records being created! looks somehow, maybe 2 unicorn workers attempting process same request? in nginx logs see 1 [post] request particular rails controller - yet 2 records being created in database. i'm hitting kind of race condition issue - have no idea how debug this. doesn't happen time, when it's frustrating well. noticed 2 database records within 5 seconds of each other. (and yes disable button when user clicks submit button). unicorn 4.8.2 ruby 1.9.3 rails 3.2.14 any great! thanks! although may not fix problem, upgrade ruby 2.0.0. there blog mentioning idea upgrade ruby 2.0.0 if using unicorn. for example: https://www.digitalocean.com/community/articles/how-to-optimize-unicorn-workers-in-a-ruby-on-rails-app specifically: if using ruby 1.9,
Read more