
Spring Security 401 error with custom authentication filter

We're developing a website using Java and Spring. As a server, we're using a custom server based on Tomcat 6.0.29. In the web.xml file there is this custom authentication filter declared:

<security:custom-filter ref="extraFieldAuthenticationProvider"
        before="FORM_LOGIN_FILTER"/> 

along with the following:

<security:form-login login-page="/view/page/login"
        default-target-url="/view/page/display"
        authentication-failure-handler-ref="CustomAuthenticationFailureHandler"
        authentication-success-handler-ref="CustomAuthenticationSuccessHandler"/>

The following is the extraFieldAuthenticationProvider class:

public class ExtraFieldAuthenticationFilter
        extends UsernamePasswordAuthenticationFilter {
    private final static Logger LOG =
            Logger.getLogger(ExtraFieldAuthenticationFilter.class.getName());

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        String userName = super.obtainUsername(request);
        String type = request.getParameter(WebConstants.PARAM_J__TYPE);
        return StringUtils.join(new String[]{type, userName});
    }
}

The problem is that on an unsuccessful login, I'm getting a Tomcat 401 error. Control is not being given to CustomAuthenticationFailureHandler.

Any ideas, please? (Btw, I'm relatively new to Spring Security; I'm debugging another person's code.)

Thanks a lot!

Krt_Malta

As a server, we're using a custom server based on Tomcat 6.0.29.

You first need to verify whether the problem is with the configuration of your Tomcat server (for example, is Tomcat authentication set up, is it expecting you to present a client certificate (clientAuth="true" in your Tomcat server configuration), etc.).

If you can verify that the control is or isn't getting past initial Tomcat authentication to Spring Security, then there may be a different solution. You haven't provided us with all the relevant code, but it looks like the code is checking for an additional form parameter to be passed along with the authentication request. This would be defined in the WebConstants.PARAM_J__TYPE constant.
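
One configuration detail worth checking for this setup, shown as an added example (not the poster's or the answerer's code): a filter bean inserted with custom-filter is separate from the filter that form-login creates, so the handlers declared on form-login are not applied to it and have to be set on the bean itself. The com.example package, the handler classes and the authenticationManager alias are assumptions; the bean ids follow the question.

```xml
<!-- Added example. com.example.*, the "authenticationManager" alias and the
     handler classes are assumptions; bean ids are taken from the question.
     This fragment belongs inside the <beans> element of the security context. -->

<!-- Weak form: no handlers on the custom filter. On a failed login the filter
     falls back to its default SimpleUrlAuthenticationFailureHandler, which has
     no failure URL and therefore answers with response.sendError(401).
<bean id="extraFieldAuthenticationProvider"
      class="com.example.ExtraFieldAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>
-->

<!-- Corrected form: the same handlers referenced by form-login are wired
     into the custom filter explicitly. -->
<bean id="extraFieldAuthenticationProvider"
      class="com.example.ExtraFieldAuthenticationFilter">
    <!-- Alias assumed to be declared on security:authentication-manager -->
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler"
              ref="CustomAuthenticationFailureHandler"/>
    <property name="authenticationSuccessHandler"
              ref="CustomAuthenticationSuccessHandler"/>
</bean>

<!-- Handler beans (hypothetical classes). The failure handler decides where
     a rejected login is sent instead of the container's 401 page. -->
<bean id="CustomAuthenticationFailureHandler"
      class="com.example.CustomAuthenticationFailureHandler"/>
<bean id="CustomAuthenticationSuccessHandler"
      class="com.example.CustomAuthenticationSuccessHandler"/>
```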
