CODEWITHSUNDEEP
javaspring-bootspring-security
Adindu Stevens
Adindu Stevens

Reputation: 3567

UsernamePasswordAuthenticationFilter skips success handler

I am having a hard time configuring my spring security. The problem is, my authentication filter always skips my success and failure handlers whenever I authenticate via a custom UsernamePasswordAuthenticationFilter. I don't seem to know why this happens.

First off, I pass the authentication parameter as JSON, and filter out the username and password, then I pass those two parameters into a new UsernamePasswordAuthenticationToken(username, password) then I get the authentication manager and authenticate the returned token. At the point of success full authentication I expect that the success handler should take over but no it doesn't get called at all.

This is my security configuration. 

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
            .antMatchers("/signup")
            .permitAll()
            .antMatchers("/", "/security/login", "/request", "/request.html")
            .authenticated()
            .and()
            .formLogin()
            .loginProcessingUrl("/security/login")
            .successHandler(authenticationSuccessHandler())
            .failureHandler(authenticationFailureHandler())
            .and()
            .logout()
            .logoutUrl("/logout")
            .permitAll()
            .and()
            .addFilterAfter
                    (authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            //.and()
            .userDetailsService(userDetailsServiceBean());
}

The relevant beans are 

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.userDetailsService(userDetailsServiceBean());
}

@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {

    return new JdbcUserDetails();
}

@Bean
public RestAuthenticationSuccessHandler authenticationSuccessHandler(){
    return new RestAuthenticationSuccessHandler();
}

@Bean
public RestAuthenticationFailureHandler authenticationFailureHandler(){
    return new RestAuthenticationFailureHandler();
}

@Bean
JsonAuthenticationFilter authenticationFilter() throws Exception {
    logger.debug("Authenication filter processing loggin request    ");
    JsonAuthenticationFilter filter = new JsonAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManagerBean());
    return filter;
}

The filter is 

public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilter{

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {

    UsernamePasswordAuthenticationToken authRequest = this.getUserNamePasswordAuthenticationToken(request);

    setDetails(request, authRequest);

    return this.getAuthenticationManager().authenticate(authRequest);
}

and finally my success handler

class RestAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication)
        throws ServletException, IOException {

    logger.debug("Successful login");
    System.out.println("\n\n\n\n\n\n\n\nresponse here\n\n\n\n\n\n\n");

    response.getWriter().write("{This is a login success response}");
    response.getWriter().flush();
    response.getWriter().close();

}

I have been battling for too long

Upvotes: 1

Views: 1024

Answers (1)

jzheaux
jzheaux

Reputation: 7707

Spring Security will back off on a given bean configuration when you supply that bean.

So, because you supplied your filter (JsonAuthenticationFilter), Spring Security expects that you'll know best how to compose it.

So, then, you'd instead do:

@Bean
JsonAuthenticationFilter authenticationFilter() {
    JsonAuthenticationFilter filter = new JsonAuthenticationFilter();
    // .. other configs
    filter.setAuthenticationSuccessHandler(new RestAuthenticationSuccessHandler());
    filter.setAuthenticationFailureHandler(new RestAuthenticationFailureHandler());
}

It looks like there is a lot going on, so if that doesn't solve your issue, feel free to put together a sample, say on GitHub, and I'd be happy to look it over.

Upvotes: 4

Related Questions