spring - authentication filter was called repeatedly -


I set up Spring Security for my REST APIs. Here is a sample REST call: GET http://localhost:8081/dashboard/epic/data. When it executes, the filter, the provider and eventually onAuthenticationSuccess are triggered. Here is the problem: instead of executing the REST URL after authentication, the request goes through the filter many more times. The second time, request.getRequestURL() returns http://localhost:8081/dashboard.

here security-context.xml:

  <!-- Spring Security namespace configuration from the question: one <http> block with an
       intercept rule, a custom authentication filter and a single authentication provider. -->
  <http auto-config='false' authentication-manager-ref="authenticationmanager" entry-point-ref="authenticationentrypoint">
      <!-- NOTE(review): the pattern has no leading "/". Spring Security matches patterns against the
           path inside the application, which starts with "/", so confirm this rule really applies to
           the REST URLs. An intercept rule that never matches leaves those URLs without an access check.
           The access value must equal the authority string the provider grants. -->
      <intercept-url pattern="dashboard/**" access="role_user" />
      <!-- CSRF protection is switched off. That is only safe when no request is ever authorised from
           state a browser attaches on its own (session cookie, cached Basic credentials). The filter on
           this page accepts an already-authenticated SecurityContext, so confirm that no session is
           created for these endpoints (for example create-session="stateless" on this element). -->
      <csrf disabled="true"/>
      <!-- The custom filter is placed in the remember-me slot of the filter chain. -->
      <custom-filter position="remember_me_filter" ref="dashboardfilter"></custom-filter>
  </http>

  <!-- Only one provider is registered, so a provider that answers null leaves the manager with
       nobody able to decide the request. -->
  <authentication-manager alias="authenticationmanager">
      <authentication-provider ref="dashboardauthprovider"></authentication-provider>
  </authentication-manager>

  <!-- The filter bean: it receives the manager above and a success handler that runs after every
       successful authentication the filter reports. No failure handler is configured here. -->
  <beans:bean id="dashboardfilter" class="com.apple.store.dashboard.security.dashboardauthfilter">
      <beans:property name="authenticationmanager" ref="authenticationmanager"/>
      <beans:property name="authenticationsuccesshandler">
          <beans:bean class="com.apple.store.dashboard.security.loginsuccesshandler">
          </beans:bean>
      </beans:property>
  </beans:bean>

  <!-- Entry point used when an unauthenticated request needs to be challenged. -->
  <beans:bean id="authenticationentrypoint" class="com.apple.store.dashboard.security.dashboardauthentrypoint">
  </beans:bean>

  <beans:bean id="dashboardauthprovider" class="com.apple.store.dashboard.security.dashboardauthprovider">
  </beans:bean>

Here is the filter:

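/**
 * Authentication filter for the dashboard REST endpoints. It reads HTTP Basic credentials from the
 * {@code Authorization} header and passes them to the configured authentication manager.
 *
 * <p>Identifier casing is restored to valid Java here; string literals are kept exactly as the page
 * shows them.
 */
public class DashboardAuthFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger logger = LoggerFactory.getLogger(DashboardAuthFilter.class);

    public DashboardAuthFilter() {
        //super("/j_spring_cas_security_check");
        // NOTE(review): "/**" makes this filter attempt authentication on every request instead of
        // on one login URL. Whatever request follows the success handler's response (a redirect, for
        // the handler shown on this page) is matched again, so the filter is entered repeatedly.
        super("/**");
    }

    /**
     * Authenticates the request from its HTTP Basic header, or returns the authentication already
     * held in the security context.
     *
     * @param request  the incoming request; its {@code Authorization} header is untrusted input
     * @param response the response (not written to by this method)
     * @return the authenticated token; never {@code null}
     * @throws org.springframework.security.core.AuthenticationException when the header is missing
     *         or malformed, or the authentication manager rejects the credentials, so that the base
     *         filter can run its failure handling
     * @throws UnsupportedEncodingException if the charset name used for decoding is not supported
     */
    @Override
    public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response)
            throws org.springframework.security.core.AuthenticationException, UnsupportedEncodingException {
        logger.debug("inside dashboardauthfilter:attemptauthentication method:");
        final Authentication existing = SecurityContextHolder.getContext().getAuthentication();
        if (existing != null && existing.isAuthenticated()) {
            // Log the name only: printing the whole token can put principal details into the log.
            // NOTE(review): returning a token here makes the base filter treat the request as a new
            // successful login and call the success handler again.
            logger.debug("previously authenticated.isauthenticated=true::: auth details:" + existing.getName());
            return existing;
        }

        String _username = null;
        String _password = null;

        final String authHeader = request.getHeader("authorization");
        if (authHeader != null) {
            final StringTokenizer st = new StringTokenizer(authHeader);
            // Require both the scheme and the payload, so a bare "Basic" header cannot throw.
            if (st.countTokens() >= 2 && st.nextToken().equalsIgnoreCase("basic")) {
                try {
                    final String credentials = new String(Base64.decodeBase64(st.nextToken()), "utf-8");
                    // The decoded value is "user:password" and is deliberately never logged.
                    final int p = credentials.indexOf(":");
                    if (p != -1) {
                        _username = credentials.substring(0, p).trim();
                        _password = credentials.substring(p + 1).trim();
                    }
                } catch (IllegalArgumentException e) {
                    // Undecodable payload: record the fact (not the content) and treat it as
                    // missing credentials below instead of silently ignoring the error.
                    logger.debug("malformed basic authorization header: " + e.getClass().getName());
                }
            }
        } else {
            logger.debug("request url " + request.getRequestURL());
        }

        // Both parts are required; otherwise the principal would be built from a null user name.
        if (org.apache.commons.lang.StringUtils.isEmpty(_username)
                || org.apache.commons.lang.StringUtils.isEmpty(_password)) {
            // Thrown rather than swallowed: a null return would make the base filter stop without
            // ever invoking its failure handling.
            throw new PreAuthenticatedCredentialsNotFoundException("no username:password..");
        }
        final String credentials = "na";

        //String validatecookiedetails = correctauthentication(aoscookie, request);

        // NOTE(review): the password travels inside the principal ("user:password") because the
        // provider on this page splits the principal on ":". Principals are commonly printed in logs
        // and audit events, whereas the credentials field is the one frameworks mask and erase. Move
        // the password to the credentials argument in the filter and the provider together.
        final UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(_username + ":" + _password, credentials);
        try {
            final Authentication authResult = getAuthenticationManager().authenticate(authRequest);
            logger.debug("attempted authentication: authresult ::" + authResult.getName());
            return authResult;
        } catch (org.springframework.security.core.AuthenticationException e) {
            logger.error("attemptauthentication: not authenticated : authenticationexception ....." + e.getMessage());
            throw e;
        } catch (RuntimeException e) {
            logger.error("exception occured during authentication.....", e);
            // Surface unexpected failures as an authentication failure instead of a null result.
            throw new org.springframework.security.authentication.AuthenticationServiceException(
                    "authentication could not be processed", e);
        }
    }
    // (the excerpt on the page ends here; the class's closing brace is not shown)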

here provider:

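/**
 * Authentication provider for the dashboard. It checks the "user:password" principal sent by the
 * dashboard filter against a single fixed account and grants it the {@code role_user} authority.
 *
 * <p>Identifier casing is restored to valid Java here; string literals are kept exactly as the page
 * shows them.
 */
public class DashboardAuthProvider implements AuthenticationProvider {

    private static final Logger logger = LoggerFactory.getLogger(DashboardAuthProvider.class);

    /**
     * Verifies the submitted credentials.
     *
     * @param authentication the request token; its principal is expected to be a
     *        {@code "user:password"} string
     * @return a fully populated, authenticated token, or {@code null} when the principal is not a
     *         string and this provider therefore cannot evaluate the request
     * @throws AuthenticationException (as {@code BadCredentialsException}) when the principal is
     *         malformed or the credentials do not match
     */
    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        // The incoming principal contains the password, so the token itself is never logged.
        logger.debug("inside dashboardauthprovider: authenticate method");

        final Object rawPrincipal = authentication.getPrincipal();
        if (!(rawPrincipal instanceof String)) {
            // Not a token this provider understands; null lets the manager ask other providers.
            return null;
        }

        // Split on the first ":" only, so a password that itself contains ":" stays intact.
        final String[] principalStrArr = ((String) rawPrincipal).split(":", 2);
        if (principalStrArr.length != 2) {
            throw new org.springframework.security.authentication.BadCredentialsException("wrong credential");
        }
        final String username = principalStrArr[0];
        final String password = principalStrArr[1];

        // NOTE(review): a fixed account compiled into the class is only acceptable as a placeholder.
        // A real deployment should look the user up and verify the password against a stored
        // password hash (bcrypt, scrypt or argon2), never against a literal.
        if (!(username.equals("test1") && password.equals("test1"))) {
            logger.info("wrong credential");
            // Reject explicitly: returning null means "cannot decide", not "denied".
            throw new org.springframework.security.authentication.BadCredentialsException("wrong credential");
        }

        final List<GrantedAuthority> grantedAuths = new ArrayList<>();
        // Must match the access value used by the intercept-url rule in the security configuration.
        grantedAuths.add(new SimpleGrantedAuthority("role_user"));

        final UserDetails principal = new AccessInfo(username, password, grantedAuths);
        final Authentication auth = new UsernamePasswordAuthenticationToken(principal, password, grantedAuths);

        // Log the user name only; the token's principal object was built with the password.
        logger.info("dashboardauthprovider auth= " + auth.getName());
        return auth;
    }
    // (the excerpt on the page ends here; the remainder of the class is not shown)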

and here onauthenticationsuccess:

/**
 * Success handler wired into the dashboard filter. It adds no behaviour of its own.
 *
 * <p>NOTE(review): the inherited {@code SimpleUrlAuthenticationSuccessHandler} answers a successful
 * login with a redirect to its target URL instead of letting the original request continue. For a
 * REST call that is authenticated on every request, that redirect is a new request which passes
 * through the security filters again.
 */
public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    /**
     * Hands the call to the superclass unchanged.
     *
     * @param request        the request that was just authenticated
     * @param response       the response the superclass writes its redirect to
     * @param authentication the authenticated token
     * @throws IOException      propagated from the superclass
     * @throws ServletException propagated from the superclass
     */
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        super.onAuthenticationSuccess(request, response, authentication);
    }
    // (the excerpt on the page ends here; the class's closing brace is not shown)

