OTUser

Reputation: 3848

How to override default spring security XML configuration?

We have an internal framework which does the login authentication process for our application using Spring Security 3.1.4. Here is a part of security-applicationContext.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:aop="http://www.springframework.org/schema/aop"
  xsi:schemaLocation="http://www.springframework.org/schema/beans  
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd
       http://www.springframework.org/schema/aop    http://www.springframework.org/schema/aop/spring-aop-3.1.xsd"> 
<!-- some other beans.... -->
<http use-expressions="true" auto-config="false" disable-url-rewriting="true" entry-point-ref="loginUrlAuthenticationEntryPoint"
        request-matcher-ref="localAuthRequestMatcher">
  <intercept-url pattern="/admin/**" access="hasRole('ADMIN_PERMISSION')" />
  <intercept-url pattern="/system/**" access="hasRole('ADMIN_PERMISSION')" />
  <intercept-url pattern="/enduser/**" access="isAuthenticated()" />
  <intercept-url pattern="/changePassword.do" access="isAuthenticated()"/>      
  <intercept-url pattern="/index.do" access="isAnonymous()" />
  <custom-filter after="SECURITY_CONTEXT_FILTER" ref="welcomePageRedirectFilter" />
  <custom-filter before="LOGOUT_FILTER" ref="internalAuthenticationFilter" />
  <form-login login-page="/index.do" authentication-failure-handler-ref="DCAuthenticationFailureHandler" authentication-success-handler-ref="DCAuthenticationSuccessHandler" />
  <http-basic />
  <anonymous />      
  <session-management session-authentication-strategy-ref="customSessionFixationProtectionStrategy" />  
  <logout success-handler-ref="localLogoutSuccessHandler" />       
</http> 
</beans:beans>

We reference this security-applicationContext.xml configuration in our applicationContext as below:

<import resource="classpath:/security-applicationContext.xml" />

I need to extend the functionality of DCAuthenticationSuccessHandler so I created a new class CPAuthenticationSuccessHandler by extending DCAuthenticationSuccessHandler.

How do I configure my CPAuthenticationSuccessHandler as the authentication-success-handler to override the functionality of DCAuthenticationSuccessHandler without touching security-applicationContext.xml? I really appreciate someone's help on this.

I created CPAuthenticationHandler as below:

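import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Primary;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.stereotype.Component;

@Component
@Primary
public class CPAuthenticationSuccessHandler extends DCAuthenticationSuccessHandler {

    // Redirect to the URL computed by onAuthenticationSuccessUrl
    @Override
    public void onAuthenticationSuccess(final HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        new DefaultRedirectStrategy().sendRedirect(request, response,
                this.onAuthenticationSuccessUrl(request, response, authentication));
    }

    @Override
    public String onAuthenticationSuccessUrl(final HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        .......
    }
}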

But CPAuthenticationSuccessHandler is not invoked. I have a breakpoint in both handlers, but control always goes to DCAuthenticationSuccessHandler.

Upvotes: 0

Views: 1896

Answers (1)

JamesENL

Reputation: 6540

See my answer on this post here for an example of how to wire in a custom AuthenticationSuccessHandler into your security context.

However, in your case, instead of implementing AuthenticationSuccessHandler, you want to extend DCAuthenticationSuccessHandler and call super.onAuthenticationSuccess(request, response, authentication) on the last line of your CPAuthenticationSuccessHandler.

Something like this:

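import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;

public class CPAuthenticationSuccessHandler extends DCAuthenticationSuccessHandler {
    // The throws clause matches the parent method; it is required because super is called.
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        /* Do anything that you want to do here. Any changes to the HttpServletResponse
         * will be overwritten when you call super. So when you call super will
         * depend on what logic you want to implement.
         */

        super.onAuthenticationSuccess(request, response, authentication);
    }
}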

If there is anything you don't understand, let me know.

Upvotes: 1
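
The `authentication-success-handler-ref` attribute in the question looks the handler up by bean name, which `@Primary` does not influence, so one way to swap it without editing security-applicationContext.xml is to repoint that bean definition at the subclass before it is instantiated. This is an added example, not code from the post or from the internal framework; the class name `SuccessHandlerOverridePostProcessor` and the package `com.example.security` are assumptions.

```java
package com.example.security; // hypothetical package, adjust to your application

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;

/**
 * Runs after all bean definitions (including those imported from
 * security-applicationContext.xml) are loaded and before any singleton is
 * created, so the form-login filter is wired with the subclass.
 */
public class SuccessHandlerOverridePostProcessor implements BeanFactoryPostProcessor {

    // Bean name taken from authentication-success-handler-ref in the question's XML.
    private static final String HANDLER_BEAN = "DCAuthenticationSuccessHandler";

    // Assumption: fully qualified name of the subclass from the question.
    private String replacementClassName =
            "com.example.security.CPAuthenticationSuccessHandler";

    public void setReplacementClassName(String replacementClassName) {
        this.replacementClassName = replacementClassName;
    }

    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
            throws BeansException {
        // getBeanDefinition throws NoSuchBeanDefinitionException if the framework
        // ever renames the bean, so startup fails instead of silently keeping
        // the original handler in the authentication path.
        BeanDefinition definition = beanFactory.getBeanDefinition(HANDLER_BEAN);

        // Keep the framework's property values and constructor arguments;
        // only the concrete class changes. This works because the replacement
        // extends the original class.
        definition.setBeanClassName(replacementClassName);
    }
}
```

Declare the post-processor as a bean in your own applicationContext.xml, and remove `@Component` and `@Primary` from `CPAuthenticationSuccessHandler` so that a second, unused instance is not created by component scanning.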
