• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Bypass login form on a Spring application

 
Debashish Chakrabarty
Ranch Hand
Posts: 231
Firefox Browser Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to bypass the login form for our Spring webflow application under certain scenarios (so that the login form is presented only for normal users but when the URL is something like http://localhost:8080/myspringwebflowapp/spring?j_username=debashish&j_password=pass4test then the user should not be presented the login form but just authenticated internally based on request parameters and later-on taken to a secure page on this webapp). In short, we want to do a transparent authentication only on special conditions (when the URL pattern is as mentioned above).

My attempt is based on the forum thread at http://forum.springsource.org/showthread.php?t=59108:

1) Implemented the AuthenticationProcessingFilter, more precisely overrode the requiresAuthentication() method, as follows:


2) Registered this filter in our spring security XML. We would avoid the login form for URLs like mentioned above but continue to show it normally for other URL patterns. The xml now looks as follows:



With this I am able to invoke the filter with the mentioned URL, the user is authenticated and Principal object is successfully created. But then there is some problem with the filter chain and I get the exception as below. Please guide me on what could be the issue with this customization.



Frankly, I am not really inclined only to validate this solution. I invite the best practice or recommended way to achieve this. I believe that mine is certainly not a case of Pre-authentication. Authentication will always be done by my Spring application, never outside it. Its only a matter of showing a login form or not. Any help from your side on this further would be appreciated.

Edit - Shortened line on stack trace to prevent horizontal scrolling.
 
Bill Gorder
Bartender
Posts: 1682
7
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not sure if I would be comfortable about passing a password around as a http parameter.

Anyways see if these posts help you.

http://krams915.blogspot.com/2010/12/spring-security-mvc-implementing-single.html
http://www.coderanch.com/t/557314/Spring/Authenticating-Spring-Security-password-username
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic