spring security - How to override BasicAuthenticationFilter using the schema configuration? -

-

we use spring security 4.x , want override basicauthenticationfilter. unfortunately not able find how configure class name basicauthenticationfilter nor in http element neither in http-basic element schema configuration.

how override basicauthenticationfilter using schema configuration?

i have tried override basicauthenticationfilter using custom filter without success – schema continue create default basicauthenticationfilter.

added

very strange. configured auto-config="false still can see creation of default basicauthenticationfilter.

it should not created according documentation http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#nsa-http

added

the configuration w/o beans definitions

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"     xmlns:sec="http://www.springframework.org/schema/security"     xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns:p="http://www.springframework.org/schema/p" xmlns:oxm="http://www.springframework.org/schema/oxm"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">       <sec:global-method-security pre-post-annotations="enabled">         <!-- aspectj pointcut expression locates our "post" method , applies security way         <protect-pointcut expression="execution(* bigbank.*service.post*(..))" access="role_teller"/>         -->     </sec:global-method-security>      <sec:http use-expressions="true" auto-config="true" pattern="/api/**"  disable-url-rewriting="false" entry-point-ref="authenticationentrypoint">         <sec:custom-filter ref="rememberurlfilter" before="basic_auth_filter"/>         <sec:custom-filter position="pre_auth_filter" ref="ssofilter" />          <sec:intercept-url  pattern="/api/**" access="isauthenticated()" />         <sec:intercept-url pattern="/**" access="isauthenticated()"/>         <sec:logout logout-url="/logout.faces" success-handler-ref="logoutsuccesshandlerimpl" />         <sec:http-basic entry-point-ref="authenticationentrypoint"/>         <sec:csrf disabled="true"/>         <sec:headers disabled="true"/>         <!--<sec:custom-filter ref="basicauthenticationfilter" after="basic_auth_filter"/>-->          <sec:custom-filter ref="localhostintegrationfilter" after="anonymous_filter"/>         <sec:access-denied-handler  ref="accessdeniedhandler"/>     </sec:http>      <bean class="org.primefaces.webapp.filter.fileuploadfilter" name="fileuploadfilter"/>      <sec:http use-expressions="true" auto-config="true" disable-url-rewriting="false">         <sec:custom-filter ref="fileuploadfilter" before="first"/>         <sec:custom-filter ref="rememberurlfilter" before="basic_auth_filter"/>         <sec:custom-filter position="pre_auth_filter" ref="ssofilter" />          <sec:intercept-url  pattern="/pages/**" access="isauthenticated()"  />         <sec:intercept-url pattern="/login.faces" access="isanonymous()"/>         <sec:intercept-url pattern="/js/**" access="permitall"/>         <sec:intercept-url pattern="/css/**" access="permitall"/>         <sec:intercept-url pattern="/images/**" access="permitall"/>         <sec:intercept-url pattern="/img/**" access="permitall" />         <sec:intercept-url pattern="/**" access="isauthenticated()"/>          <sec:csrf disabled="true"/>         <sec:headers disabled="true"/>          <sec:form-login login-page="/login.faces"                         login-processing-url="/j_spring_security_check"                         authentication-failure-url="/login.faces"                         default-target-url="/pages/defaultpage.faces"                         username-parameter="j_username"                         password-parameter="j_password"                         authentication-failure-handler-ref="authenticationfailurehandler"         />          <sec:logout logout-url="/logout.faces"                     success-handler-ref="logoutsuccesshandlerimpl"                 />          <sec:custom-filter ref="localhostintegrationfilter" after="anonymous_filter"/>         <sec:access-denied-handler  ref="accessdeniedhandler"/>     </sec:http>  ...  </beans>

as per schema documentation in xsd if want replace filter need use position tag:

<sec:custom-filter ref="custombasicauth" position="basic_auth_filter"/>

also if include <sec:http-basic element, default basic auth filter added filter chain.

the auto-config legacy attribute , can removed (no need set false)


Comments

Post a Comment

Popular posts from this blog

magento2 - Magento 2 admin grid add filter to collection -

-
i created grid in admin xml ui components. need filter collection via url parameter , dont know how achieve that. tried inject requestinterface collection, filter didnt work. di.xml <virtualtype name="slidelistingdataprovider" type="magento\framework\view\element\uicomponent\dataprovider\dataprovider"> <arguments> <argument name="collection" xsi:type="object" shared="false">xxx\xxx\model\resourcemodel\grid\slide\collection</argument> <argument name="filterpool" xsi:type="object" shared="false">slidelistingfilterpool</argument> <!-- define new object filters --> </arguments> </virtualtype> <virtualtype name="slidelistingfilterpool" type="magento\framework\view\element\uicomponent\dataprovider\filterpool"> <arguments> <argument name="applier...
Read more

Android volley - avoid multiple requests of the same kind to the server? -

-
i using volley upload list of images server. happens within service. once image uploaded remove list. problem arises when internet connection breaks. when internet connection breaks , comes again thinking of adding images yet uploaded request queue. this can result in more 1 copy of same image saved on server request same image might have gone through before getting rseponse. how can address scenario? i'm not quite sure why you're using service schedule requests volley automatically runs it's request in seperate thread. nevertheless can listen both request results, successful , unsuccessful adding listeners. you can remove image list schedule request using volley. if succeeds can carry on desired, if fails can add again list. public static request getimageuploadrequest(final string image) { response.listener<t> responselistener = new response.listener<t>() { @override public void onresponse(t response...
Read more

Combining PHP Registration and Login into one class with multiple functions in one PHP file -

-
i'm trying combine registration, activation , login scripts php website backend script front end developer can pass variables different forms to. my question whether appropriate approach this. don't want have lot of php files different pieces of application developing. far have written following 2 functions login, register , activate user front end developer can call: <?php /** * created phpstorm. * user: karl * date: 26/07/2016 * time: 02:25 */ class users { function register_user($email, $password, $user_name) { $server_name = "localhost"; $u_name = "root"; $db_password = "root"; $db_name = "betamath_graspe"; //email notification variable $from_address="info@slack.com"; //registration form $msg_reg_user='username taken. please choose different username'; $msg_reg_email='email registered'; $msg_reg_active=...
Read more