CODEWITHSUNDEEP
spring-security
DJ180
DJ180

Reputation: 19854

Spring Security: Unsure of pre-authentication method

My web application uses a pre-authentication method. By the time that the request reaches my application, userPrincipal is correctly set. I know it's not using Java EE container security, it is using some module configured on the Apache web server.

Therefore, I'm unsure what pre-authetication method to use. Ideally I want something similar to the RequestHeaderAuthenticationFilter except that it just reads the userPrincipal from the request instead of the header.

Is there an out of the box mechanism to achieve this?

Upvotes: 1

Views: 759

Answers (1)

Grzegorz Rożniecki
Grzegorz Rożniecki

Reputation: 28035

Just extend and then register AbstractPreAuthenticatedProcessingFilter, everything is in documentation:

public class RequestPreAuthenticatedProcessingFilter
    extends AbstractPreAuthenticatedProcessingFilter {

  private static final String USER_PRINCIPAL_KEY = "";

  @Override
  protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) {
    return request.getAttribute(USER_PRINCIPAL_KEY);
  }

  @Override
  protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) {
    return "N/A"; // or whatever you need
  }
}

and in security-context.xml:

<security:http>
  <!-- Additional http configuration omitted -->
  <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
</security:http>

<bean id="preAuthFilter"
    class="com.example.RequestPreAuthenticatedProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager">
</bean>

Upvotes: 1

Related Questions