Bypass login form on a Spring application

 
Ranch Hand
Posts: 250
I want to bypass the login form for our Spring webflow application under certain scenarios (so that the login form is presented only for normal users, but when the URL is something like http://localhost:8080/myspringwebflowapp/spring?j_username=debashish&j_password=pass4test then the user should not be presented the login form but just authenticated internally based on request parameters and later on taken to a secure page on this webapp). In short, we want to do a transparent authentication only on special conditions (when the URL pattern is as mentioned above).

My attempt is based on the forum thread at http://forum.springsource.org/showthread.php?t=59108:

1) Implemented the AuthenticationProcessingFilter, more precisely overrode the requiresAuthentication() method, as follows:


2) Registered this filter in our Spring Security XML. We would avoid the login form for URLs like the one mentioned above but continue to show it normally for other URL patterns. The XML now looks as follows:



With this I am able to invoke the filter with the mentioned URL, the user is authenticated and the Principal object is successfully created. But then there is some problem with the filter chain and I get the exception below. Please guide me on what could be the issue with this customization.



Frankly, I am not really inclined only to validate this solution. I invite the best practice or recommended way to achieve this. I believe that mine is certainly not a case of Pre-authentication. Authentication will always be done by my Spring application, never outside it. It's only a matter of showing a login form or not. Any help from your side on this further would be appreciated.

Edit - Shortened line on stack trace to prevent horizontal scrolling.
 
Bartender
Posts: 1682
I am not sure if I would be comfortable about passing a password around as an HTTP parameter.

Anyways see if these posts help you.

http://krams915.blogspot.com/2010/12/spring-security-mvc-implementing-single.html
https://coderanch.com/t/557314/Spring/Authenticating-Spring-Security-password-username
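
Added example, not part of either post above and not code from the thread: a URL such as the one in the question is recorded in web server access logs and can be repeated in the Referer header of later requests, so the check below finds and masks j_username and j_password values in both fields. The log lines are constructed samples in the common "combined" format; the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names taken from the URL in the question; extend for other apps.
SENSITIVE_PARAMS = {"j_username", "j_password"}
QUOTED_FIELD = re.compile(r'"([^"]*)"')

# Constructed sample lines in the "combined" access-log format (not real logs).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2011:13:55:36 +0000] "GET /myspringwebflowapp/spring?j_username=debashish&j_password=pass4test HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2011:13:55:37 +0000] "GET /myspringwebflowapp/secure/home HTTP/1.1" 200 5120 "http://localhost:8080/myspringwebflowapp/spring?j_username=debashish&j_password=pass4test" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2011:13:56:01 +0000] "POST /myspringwebflowapp/j_spring_security_check HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def redact_url(url):
    """Return (url with sensitive values masked, names of the masked params)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return url, []  # URLs without credentials are returned unchanged
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan_line(line):
    """Mask credentials in the request and Referer fields of one log line."""
    findings, position = [], 0

    def fix(match):
        nonlocal position
        label = ("request", "referer")[position] if position < 2 else None
        position += 1
        if label is None:  # User-Agent and any later quoted field
            return match.group(0)
        tokens = match.group(1).split(" ")
        idx = 1 if label == "request" and len(tokens) == 3 else 0
        tokens[idx], found = redact_url(tokens[idx])
        findings.extend((label, name) for name in found)
        return '"' + " ".join(tokens) + '"'

    return QUOTED_FIELD.sub(fix, line), findings

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        clean, hits = scan_line(raw)
        print(hits, clean)
```

Only the POST line comes back with no findings, because form credentials sent in the request body never reach the request line or the Referer field.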
 