File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Spring and the fly likes Bypass login form on a Spring application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Bypass login form on a Spring application" Watch "Bypass login form on a Spring application" New topic
Author

Bypass login form on a Spring application

Debashish Chakrabarty
Ranch Hand

Joined: May 14, 2002
Posts: 230

I want to bypass the login form for our Spring webflow application under certain scenarios (so that the login form is presented only for normal users but when the URL is something like http://localhost:8080/myspringwebflowapp/spring?j_username=debashish&j_password=pass4test then the user should not be presented the login form but just authenticated internally based on request parameters and later-on taken to a secure page on this webapp). In short, we want to do a transparent authentication only on special conditions (when the URL pattern is as mentioned above).

My attempt is based on the forum thread at http://forum.springsource.org/showthread.php?t=59108:

1) Implemented the AuthenticationProcessingFilter, more precisely overrode the requiresAuthentication() method, as follows:


2) Registered this filter in our spring security XML. We would avoid the login form for URLs like mentioned above but continue to show it normally for other URL patterns. The xml now looks as follows:



With this I am able to invoke the filter with the mentioned URL, the user is authenticated and Principal object is successfully created. But then there is some problem with the filter chain and I get the exception as below. Please guide me on what could be the issue with this customization.



Frankly, I am not really inclined only to validate this solution. I invite the best practice or recommended way to achieve this. I believe that mine is certainly not a case of Pre-authentication. Authentication will always be done by my Spring application, never outside it. Its only a matter of showing a login form or not. Any help from your side on this further would be appreciated.

Edit - Shortened line on stack trace to prevent horizontal scrolling.


Debashish
SCJP2, SCWCD 1.4, PMP, ITIL Foundation
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1666
    
    7

I am not sure if I would be comfortable about passing a password around as a http parameter.

Anyways see if these posts help you.

http://krams915.blogspot.com/2010/12/spring-security-mvc-implementing-single.html
http://www.coderanch.com/t/557314/Spring/Authenticating-Spring-Security-password-username


[How To Ask Questions][Read before you PM me]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Bypass login form on a Spring application