/**
 * Wires logout handling and the custom authentication filters into the given security builder.
 *
 * <p>In order, this calls {@code autowireThis(http)} (a helper defined elsewhere), registers
 * {@code logoutHandler} on the logout configurer, asks {@code fieldMutator} to put a new
 * {@code UsernamePasswordAuthenticationFilterWrapper} into the {@code "authFilter"} field of the
 * form-login configurer, and inserts {@code authenticationFilter} ahead of
 * {@code UsernamePasswordAuthenticationFilter} in the chain.
 *
 * @param http the security builder being configured
 * @throws Exception declared by the overridden method; failures from the calls below propagate
 */
@Override
public void init(HttpSecurity http) throws Exception {
    autowireThis(http);
    http.logout().addLogoutHandler(logoutHandler);
    // The target field is addressed by its name as a string, so the compiler cannot check it.
    // NOTE(review): fieldMutator is presumably reflection-based; if the field is renamed in a
    // framework upgrade, confirm this fails at startup rather than silently leaving the stock
    // filter in place. A startup or integration test asserting the filter type would catch it.
    fieldMutator.update(
        http.formLogin(),
        "authFilter",
        AbstractAuthenticationProcessingFilter.class,
        new UsernamePasswordAuthenticationFilterWrapper()
    );
    // Runs before the standard username/password filter, so it sees login requests first.
    http.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
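/**
 * Builds the {@code AuthFilter} that applies to every request except the public endpoints
 * {@code /login} and {@code /health}.
 *
 * <p>Fix: the matcher used to be {@code NOT(AND(/login, /health))}. A single request cannot
 * match both exact paths, so the inner AND was always false and the negation always true: the
 * filter applied to every request and the two endpoints were never exempted. The matcher is
 * now {@code AND(NOT /login, NOT /health)}, which is true only when the request is neither.
 *
 * @return the configured filter
 * @throws Exception declared by the signature; presumably raised by
 *         {@code authenticationManagerBean()}
 */
protected AbstractAuthenticationProcessingFilter createCustomFilter() throws Exception {
    // Endpoints that do not need authentication: the filter must skip a request that matches
    // EITHER of them, i.e. run only when the request matches NEITHER.
    // NOTE(review): assumes AuthFilter uses this matcher to decide which requests it
    // authenticates; confirm against the AuthFilter constructor.
    // NOTE(review): this exempts the paths from this filter only. Authorization rules
    // configured elsewhere still decide who may reach them; check that /health exposes no
    // internal detail to anonymous callers.
    AuthFilter filter = new AuthFilter(
        new AndRequestMatcher(
            new NegatedRequestMatcher(new AntPathRequestMatcher("/login")),
            new NegatedRequestMatcher(new AntPathRequestMatcher("/health"))
        )
    );
    filter.setAuthenticationManager(authenticationManagerBean());
    return filter;
}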
/**
 * Installs {@code authenticationFilter} as the form-login processing filter and applies the
 * username parameter, success handler and failure handler to the configurer.
 *
 * <p>The filter is written into the configurer by reflection: the field is looked up by
 * {@code AUTHENTICATION_PROCESSING_FILTER_FIELD} and type, made accessible, then overwritten.
 *
 * @param loginConfigurer the form-login configurer to modify
 * @return the configurer returned by the last chained call
 */
public FormLoginConfigurer<HttpSecurity> addRecaptchaSupport(FormLoginConfigurer<HttpSecurity> loginConfigurer) {
    // NOTE(review): the lookup depends on a non-public field of the configurer. If the lookup
    // helper returns null for a missing field, the next call fails with an unhelpful error;
    // re-verify the field name on every framework upgrade.
    Field filterSlot = findField(
        loginConfigurer.getClass(),
        AUTHENTICATION_PROCESSING_FILTER_FIELD,
        AbstractAuthenticationProcessingFilter.class);
    makeAccessible(filterSlot);
    setField(filterSlot, loginConfigurer, authenticationFilter);

    FormLoginConfigurer<HttpSecurity> configured =
        loginConfigurer.usernameParameter(DEFAULT_USERNAME_PARAMETER);
    configured = configured.successHandler(successHandler);
    return configured.failureHandler(failureHandler);
}
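/**
 * Activation handler for the login page. When activated with the value {@code "error"}, it
 * copies the message of the last authentication exception stored in the session into
 * {@code errorMessage} and logs it.
 *
 * <p>Fix: the session attribute used to be cast and dereferenced unconditionally. A request
 * that reaches this page with {@code "error"} but without a recorded failure (for example a
 * direct visit to the error URL) therefore failed with a {@code NullPointerException}. The
 * attribute is now checked first; when it is missing or not an {@code Exception}, the handler
 * leaves {@code errorMessage} untouched and logs nothing.
 *
 * @param loginError activation value; only {@code "error"} triggers any work
 */
@Log
void onActivate(String loginError) {
    if (!"error".equals(loginError)) {
        return;
    }

    Object lastFailure = request
        .getSession(true)
        .getAttribute(AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
    if (!(lastFailure instanceof Exception)) {
        // No authentication failure is recorded for this session, so there is nothing to show.
        return;
    }

    this.errorMessage = ((Exception) lastFailure).getMessage();
    // NOTE(review): if errorMessage is rendered to the visitor, messages that differ between
    // "unknown account" and "wrong password" reveal which accounts exist; confirm the
    // authentication providers return one uniform message.
    // NOTE(review): if the message can carry request-supplied text such as a username, strip
    // CR/LF before it reaches the log.
    logger.error(String.format("Error while attempting to login: %s", errorMessage));
}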
/**
 * Checks that {@code filter} carries a {@code SimpleUrlAuthenticationFailureHandler} whose
 * default failure URL is {@code /oauth/confirm_access}.
 *
 * <p>Both values live in private fields, so the test reads them by reflection.
 *
 * @throws Exception if either field cannot be found
 */
@Test
public void filterUsesConfiguredFailureHandler() throws Exception {
    // Step 1: read the failure handler installed on the filter under test.
    Field handlerSlot = AbstractAuthenticationProcessingFilter.class.getDeclaredField("failureHandler");
    ReflectionUtils.makeAccessible(handlerSlot);
    AuthenticationFailureHandler installedHandler =
        (AuthenticationFailureHandler) ReflectionUtils.getField(handlerSlot, filter);
    assertTrue(
        "failure handler should be a simpleUrlFailureHandler",
        installedHandler instanceof SimpleUrlAuthenticationFailureHandler);

    // Step 2: read the URL that handler sends the user to after a failed authentication.
    Field urlSlot = SimpleUrlAuthenticationFailureHandler.class.getDeclaredField("defaultFailureUrl");
    ReflectionUtils.makeAccessible(urlSlot);
    String configuredUrl = (String) ReflectionUtils.getField(urlSlot, installedHandler);
    assertEquals("failure URL should be the configured url", "/oauth/confirm_access", configuredUrl);
}
/**
 * Creates the sign-in filter, a {@code SecurityContextAuthenticationFilter} constructed with
 * {@code SIGNIN_SUCCESS_PATH}, and gives it a saved-request-aware success handler whose default
 * target is {@code /admin}.
 *
 * @return the configured filter
 */
protected Filter authenticationFilter() {
    AbstractAuthenticationProcessingFilter signinFilter =
        new SecurityContextAuthenticationFilter(SIGNIN_SUCCESS_PATH);

    // After a successful sign-in the user returns to the request that was saved before the
    // login was triggered; "/admin" is the fallback when no request was saved.
    SavedRequestAwareAuthenticationSuccessHandler onSuccess =
        new SavedRequestAwareAuthenticationSuccessHandler();
    onSuccess.setDefaultTargetUrl("/admin");

    signinFilter.setAuthenticationSuccessHandler(onSuccess);
    return signinFilter;
}
/**
 * Wraps the given filter in a {@code WrappedUsernamePasswordAuthenticationFilter}.
 *
 * @param filter the filter to wrap; it is cast to {@code UsernamePasswordAuthenticationFilter},
 *        so any other type fails with a {@code ClassCastException}
 * @return a new wrapper built from {@code fieldMutator}, the cast filter and
 *         {@code authenticationSuccessHandler}
 */
@Override
public AbstractAuthenticationProcessingFilter update(AbstractAuthenticationProcessingFilter filter) {
    UsernamePasswordAuthenticationFilter delegate = (UsernamePasswordAuthenticationFilter) filter;
    return new WrappedUsernamePasswordAuthenticationFilter(
        fieldMutator, delegate, authenticationSuccessHandler);
}
/**
 * Replaces the authentication filter held by a form-login configurer with {@code filter}.
 *
 * <p>The configurer offers no setter for it, so the value is written into the
 * {@code "authFilter"} field through the project's {@code ReflectUtils} helper.
 *
 * @param formLoginConfig the configurer to modify
 * @param filter the filter to install
 * @return the same {@code formLoginConfig} instance, for chaining
 */
public static FormLoginConfigurer<HttpSecurity> hackFormLoginAuthFilter(FormLoginConfigurer<HttpSecurity> formLoginConfig, AbstractAuthenticationProcessingFilter filter) {
    // The field is addressed by name, so a framework upgrade that renames it breaks this
    // call at run time rather than at compile time.
    // NOTE(review): confirm setFieldValue reports a missing field rather than ignoring it;
    // otherwise the stock filter would stay in place unnoticed.
    final String authFilterFieldName = "authFilter";
    ReflectUtils.getIntro(FormLoginConfigurer.class)
        .setFieldValue(formLoginConfig, authFilterFieldName, filter);
    return formLoginConfig;
}
/**
 * Creates a {@code CustomOAuthAuthenticationProcessingFilter} from {@code path},
 * {@code clientDetails} and {@code jsonMessageConverter}, then attaches the success handler.
 *
 * @param clientDetails the OAuth2 client resource details passed to the filter
 * @param successHandler the handler invoked after a successful authentication
 * @param path the path passed to the filter constructor; presumably the URL it processes
 * @return the configured filter
 */
private AbstractAuthenticationProcessingFilter createOAuth2Filter(ClientResourceDetails clientDetails, AuthenticationSuccessHandler successHandler, String path) {
    CustomOAuthAuthenticationProcessingFilter processingFilter =
        new CustomOAuthAuthenticationProcessingFilter(path, clientDetails, jsonMessageConverter);
    processingFilter.setAuthenticationSuccessHandler(successHandler);
    return processingFilter;
}