java - PreAuthenticatedAuthenticationProvider UsernameNotFound exception returns 401 instead of denied page -


i use spring 4.1.6.release , spring-security 4.0.1.release.

there requestheaderauthenticationfilter , preauthenticatedauthenticationprovider. want application show 'denied' page, if user service throws usernamenotfoundexception. actually, application shows basic http authorization form (simple browser popup credentials) , provides 401 response if cancelled.

here configuration:

<s:http auto-config="true" use-expressions="true">     <s:intercept-url pattern="/report/**" access="hasrole('role_user')"/>     <s:csrf disabled="true"/>     <s:custom-filter ref="preauthfilter" position="pre_auth_filter"/>     <s:form-login             authentication-failure-url="/denied.jsp"/> </s:http>  <b:bean id="preauthfilter" class="org.springframework.security.web.authentication.preauth.requestheaderauthenticationfilter">     <b:property name="principalrequestheader" value="remote_user"/>     <b:property name="authenticationmanager" ref="authmanager"/> </b:bean>  <s:authentication-manager id="authmanager">     <s:authentication-provider user-service-ref="userdetailsservice"/> </s:authentication-manager>  <b:bean id="userdetailsservice" class="com.db.dump.tool.security.userdetailsserviceimpl"/>

class userdetailsserviceimpl checks user db , throws usernamenotfoundexception if user not found. maybe here problem? please, advise.

thanks in advance, alex

this behaviour due exceptiontranslationfilter translating final exception as:

access denied (user anonymous); redirecting authentication entry point

user anonymous because userdetailsservice threw exception. getting 401 response because has been implemented way in basicauthenticationentrypoint acts authentication entry point in case of non xmlhttprequest (your case) anonymous user principal.

in case wish show access denied page instead (not giving anonymous user chance authenticate), need plug in own authenticationentrypoint using entry-point-ref attribute on http element (and may let accessdeniedhandler come picture). resulting implmentation this:

import static javax.servlet.http.httpservletresponse.sc_forbidden; import java.io.ioexception; import javax.servlet.servletexception; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import org.springframework.security.core.authenticationexception;  public class customauthentrypoint implements authenticationentrypoint {     @override     public void commence(httpservletrequest request, httpservletresponse response,         authenticationexception authexception) throws ioexception, servletexception {         response.setstatus(sc_forbidden); /* can call access denied handler here , let handle meaningful exception pass handle method. */     } }

ps: of course you'll need configure new authentication entry point spring bean before starts working.


Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

jquery - javascript onscroll fade same class but with different div -

i new @ javascript , want learn new. there wrong code : why div fades @ same time. i want ask how fade different div s same class name.can me , explain me. thanks in advance. javascript: $(window).scroll(function(){ if ($( "div.fade" ).offset().top - $(window).scrolltop() <= 100){ $('.fade').addclass( "fade-in"); } else { $('.fade').removeclass("fade-in"); } }); here jsfiddle onscroll = function () { var scrolltop = $(this).scrolltop() ; $("div.fade").each(function(){ if(($(this).offset().top - scrolltop) <= 100){ $(this).toggleclass("fade-in"); } }) }
Read more