Sandip Patel
Reputation: 21
Spring Authentication filter not working
I am implementing custom authentication filter as below. But it always returns 404 not found. For Ex: http://localhost:8082/InstaHelpers/api/user/registration.
WebSecurityConfig.java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization";
public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
@Autowired
private RestAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private JwtAuthenticationSuccessHandler successHandler;
@Autowired
private JwtAuthenticationFailureHandler failureHandler;
@Autowired
private AjaxAuthenticationProvider ajaxAuthenticationProvider;
@Autowired
private JwtAuthenticationProvider jwtAuthenticationProvider;
@Autowired
private TokenExtractor tokenExtractor;
@Autowired
private AuthenticationManager authenticationManager;
private ObjectMapper objectMapper = new ObjectMapper();
protected AjaxLoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception {
AjaxLoginProcessingFilter filter = new AjaxLoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler,
failureHandler, objectMapper);
filter.setAuthenticationManager(this.authenticationManager);
return filter;
}
protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
List<String> pathsToSkip = Arrays.asList(TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT);
SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter(failureHandler,
tokenExtractor, matcher);
filter.setAuthenticationManager(this.authenticationManager);
return filter;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(ajaxAuthenticationProvider);
auth.authenticationProvider(jwtAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable() // We don't need CSRF for JWT based authentication
.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint)
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().authorizeRequests().antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login
// end-point
.antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token
// refresh
// end-point
.antMatchers("/console").permitAll() // H2 Console Dash-board -
// only for testing
.and().authorizeRequests().antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected
// API
// End-points
.and().addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
UsernamePasswordAuthenticationFilter.class);
}
}
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-
security-4.2.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/*.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet- context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
Dependencies
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
I am aware solution to such issue is listed in other questions but it is not solving the issue.
Upvotes: 2
Views: 1677
Answers (1)
Jekin Kalariya
Reputation: 3507
You need to either create class which extends AbstractSecurityWebApplicationInitializer it will load the springSecurityFilterChain automatically.
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
or provide spring security filter chain in web.xml like below
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
( I can also notice one space in servlet- context.xml, correct this as well).
Other thing you might have incorrect mapping in your view resolver, kindly post code for that as well
Upvotes: 1
Related Questions
- Spring Security authentication filter not being called
- Spring authentication filter throwing wrong error message
- AuthenticationManager is null in my custom filter
- Spring Security authenticationmanager must be specified - for custom filter
- Spring security authentication Filter Exception
- Spring security filter authenticates sucessfuly but sends back 403 response
- Spring Security Rest Token Authentication - Filter does not run
- Spring security authentication filter url ignored
- Spring security adding filter before authentication filter
- Spring Security authentication manager won't get picked up on custom filter