Olá pessoal, estou tentando usar um Custom WebAuthenticationDetails no meu spring security… preciso de informações que estao na request, se alguem souber outro modo de colocar no objeto Authentication, informações enviadas no post de login, eu aceito…
Para solucionar fiz um custom filter, que em resumo muda o meu WebAuthenticationDetails para um que eu criei… segue o que fiz
[code]
public class DefaultUsernamePasswordAuthenticationFilter
extends UsernamePasswordAuthenticationFilter {
public DefaultUsernamePasswordAuthenticationFilter() {
((WebAuthenticationDetailsSource)this.authenticationDetailsSource)
.setClazz(DefaultWebAuthenticationDetails.class);
}
}[/code]
o problema é que depois que coloquei o custom filter recebo a msg de erro ao tentar levantar a applicação
[quote]org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans ‘<customUsernamePasswordAuthenticationFilter>’ and ‘Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null’ have the same ‘order’ value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config=‘true’>.
Offending resource: ServletContext resource [/WEB-INF/applicationContext-security.xml][/quote]
Obs.: se eu tirar o custom-filter o sistema funciona normalmente, o problema é quando tento utilizar o custom filter
segue o xml onde registrei o bean… como podem ver, o auto-config esta como false, mesmo assim ele da a mensagem dizendo que tenho que dar avoid no auto-config=true
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
">
<global-method-security pre-post-annotations="enabled" jsr250-annotations="enabled" access-decision-manager-ref="defaultDecisionManager" >
</global-method-security>
<aop:aspectj-autoproxy proxy-target-class="true" />
<http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint" >
<custom-filter ref="customUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER" />
<form-login login-page="/login" login-processing-url="/login_check" />
<logout success-handler-ref="defaultLogoutSuccessHandler" logout-url="/logout" invalidate-session="false" />
<remember-me />
<session-management ><!--invalid-session-url="/timeout.jsp"-->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
</session-management>
</http>
<authentication-manager alias="authenticationManager" >
<authentication-provider ref="defaultAuthenticationProvider" user-service-ref="defaultUserDetailService" >
</authentication-provider>
</authentication-manager>
<beans:bean id="defaultAuthenticationProvider" class="br.com.integrativa.ieventos.security.DefaultAuthenticationProvider" />
<beans:bean id="customUsernamePasswordAuthenticationFilter"
class="br.com.integrativa.ieventos.security.DefaultUsernamePasswordAuthenticationFilter" >
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationFailureHandler" ref="failureHandler" />
<beans:property name="authenticationSuccessHandler" ref="successHandler" />
</beans:bean>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login" />
</beans:bean>
<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/login" />
</beans:bean>
<beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<beans:property name="defaultFailureUrl" value="/login?login_error=true" />
</beans:bean>