Sandip Patel
Sandip Patel

Reputation: 21

Spring Authentication filter not working

I am implementing custom authentication filter as below. But it always returns 404 not found. For Ex: http://localhost:8082/InstaHelpers/api/user/registration.

WebSecurityConfig.java

 @Configuration
                    @EnableWebSecurity
                    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                        public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization";
                        public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
                        public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
                        public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";

                        @Autowired
                        private RestAuthenticationEntryPoint authenticationEntryPoint;
                        @Autowired
                        private JwtAuthenticationSuccessHandler successHandler;
                        @Autowired
                        private JwtAuthenticationFailureHandler failureHandler;
                        @Autowired
                        private AjaxAuthenticationProvider ajaxAuthenticationProvider;
                        @Autowired
                        private JwtAuthenticationProvider jwtAuthenticationProvider;

                        @Autowired
                        private TokenExtractor tokenExtractor;

                        @Autowired
                        private AuthenticationManager authenticationManager;

                        private ObjectMapper objectMapper = new ObjectMapper();

                        protected AjaxLoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception {
                            AjaxLoginProcessingFilter filter = new AjaxLoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler,
                                    failureHandler, objectMapper);
                            filter.setAuthenticationManager(this.authenticationManager);
                            return filter;
                        }

                        protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
                            List<String> pathsToSkip = Arrays.asList(TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT);
                            SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
                            JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter(failureHandler,
                                    tokenExtractor, matcher);
                            filter.setAuthenticationManager(this.authenticationManager);
                            return filter;
                        }

                        @Bean
                        @Override
                        public AuthenticationManager authenticationManagerBean() throws Exception {
                            return super.authenticationManagerBean();
                        }

                        @Override
                        protected void configure(AuthenticationManagerBuilder auth) {
                            auth.authenticationProvider(ajaxAuthenticationProvider);
                            auth.authenticationProvider(jwtAuthenticationProvider);
                        }

                        @Override
                        protected void configure(HttpSecurity http) throws Exception {
                            http.csrf().disable() // We don't need CSRF for JWT based authentication
                                    .exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint)

                                    .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                                    .and().authorizeRequests().antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login
                                                                                                                        // end-point
                                    .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token
                                                                                        // refresh
                                                                                        // end-point
                                    .antMatchers("/console").permitAll() // H2 Console Dash-board -
                                                                            // only for testing
                                    .and().authorizeRequests().antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected
                                                                                                                            // API
                                                                                                                            // End-points
                                    .and().addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
                                    .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                                    .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
                                            UsernamePasswordAuthenticationFilter.class);
                        }
                    }

Web.xml

            <?xml version="1.0" encoding="UTF-8"?>
            <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:sec="http://www.springframework.org/schema/security"
                xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-
                security-4.2.xsd">


                <context-param>
                    <param-name>contextConfigLocation</param-name>
                    <param-value>/WEB-INF/spring/*.xml</param-value>
                </context-param>


                <listener>
                    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
                </listener>


                <servlet>
                    <servlet-name>appServlet</servlet-name>
                    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                    <init-param>
                        <param-name>contextConfigLocation</param-name>
                        <param-value>/WEB-INF/spring/appServlet/servlet- context.xml</param-value>
                    </init-param>
                    <load-on-startup>1</load-on-startup>
                </servlet>

                <servlet-mapping>
                    <servlet-name>appServlet</servlet-name>
                    <url-pattern>/</url-pattern>
                </servlet-mapping>
             </web-app>

Dependencies

                <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-core</artifactId>
                <version>4.2.2.RELEASE</version>
            </dependency>

            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-config</artifactId>
                <version>4.2.2.RELEASE</version>
            </dependency>

            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-web</artifactId>
                <version>4.2.2.RELEASE</version>
            </dependency>

I am aware solution to such issue is listed in other questions but it is not solving the issue.

Upvotes: 2

Views: 1677

Answers (1)

Jekin Kalariya
Jekin Kalariya

Reputation: 3507

You need to either create class which extends AbstractSecurityWebApplicationInitializer it will load the springSecurityFilterChain automatically.

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {

}

or provide spring security filter chain in web.xml like below

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
                </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

( I can also notice one space in servlet- context.xml, correct this as well).

Other thing you might have incorrect mapping in your view resolver, kindly post code for that as well

Upvotes: 1

Related Questions