I want to bypass the login form for our Spring Web Flow application under certain scenarios (so that the login form is presented only for normal users, but when the URL is something like http://localhost:8080/myspringwebflowapp/spring?j_username=debashish&j_password=pass4test the user should not be presented the login form but just authenticated internally based on request parameters and later on taken to a secure page on this webapp). In short, we want to do a transparent authentication only on special conditions (when the URL pattern is as mentioned above).
1) Implemented the AuthenticationProcessingFilter, more precisely overrode the requiresAuthentication() method, as follows:
2) Registered this filter in our Spring Security XML. We would avoid the login form for URLs like the one mentioned above but continue to show it normally for other URL patterns. The XML now looks as follows:
With this I am able to invoke the filter with the mentioned URL, the user is authenticated and the Principal object is successfully created. But then there is some problem with the filter chain and I get the exception below. Please guide me on what could be the issue with this customization.
Frankly, I am not really inclined only to validate this solution. I invite the best practice or recommended way to achieve this. I believe that mine is certainly not a case of pre-authentication. Authentication will always be done by my Spring application, never outside it. It's only a matter of showing a login form or not. Any help from your side on this further would be appreciated.
Edit - Shortened line on stack trace to prevent horizontal scrolling.