Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-948: AbstractPreAuthenticatedProcessingFilter needs getAuthenticationManager() function #1205

Closed
spring-issuemaster opened this issue Aug 5, 2008 · 4 comments

Comments

@spring-issuemaster
Copy link

@spring-issuemaster spring-issuemaster commented Aug 5, 2008

Julia López(Migrated from SEC-948) said:

Hi!
I have done a class which extends the X509PreAuthenticatedProcessingFilter. I need all the functions of this class plus the functions of AbstractPreAuthenticatedProcessingFilter.

The problem is that I want to change the method doAuthenticate but it uses the authenticationManager, which is private in the parent class. I would be nice to have a public function in AbstractPreAuthenticatedProcessingFilter class to retrieve the authenticationManager. The solution is really trivial but I think its necessary to someone who wants to extend theses classes.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Aug 5, 2008

Luke Taylor said:

doAuthenticate is also private in the base class, so is not part of the API. Could you expand on what you want to achieve?

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Aug 5, 2008

Julia López said:

Hi!
I will try to explain the best I can, sorry if I make mistakes. English is not my first language.

When I said that I want to modify doAuthenticate method I’m really modifying doFilter method of AbstractPreAuthenticatedProcessingFilter class that uses doAuthenticate function.

I’m trying to integrate a new provider with spring security, this provider needs more information in the authenticationToken that is sent to the provider (as the request IP and one string to save the SAML, which is created for my provider) for this reason I’ve created a my own token. Having my own token implies modify all authentication filters that prepare the token for the authentication. I’ve extended the AuthenticationProcessingFilter and I’ve just modify the attemptAuthentication method that now creates my token and fill it with the ip. Also I’ve extend the BasicAuthenticationFilter and changed the doFilter function to create my token instead of UsernameAndPasswordToken.

Ok, I’m explaining this to introduce what I’m trying to do now. Now, I want to validate user certificates against my provider, for these reason the preauth filter needs to create my specific token instead of PreauthToken (I need the request ip and the user certificate). The function doFilter creates this token but if I want to extend a class from AbstractPreAuthenticatedProcessingFilter and just override doFilter method I need access to the authenticationManager, so I need the getter of it in the parent.

Please, if I’m doing something wrong let me know and if you don’t understand me I will try to make me understand again ;) Thank you!

To more details my provider is TrustedX

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Aug 5, 2008

Luke Taylor said:

The IP address should already be available from the Authentication.details object (set by the WebAuthenticationDetailsSource) so you shouldn’t need a custom token for this. You would be better to customize the AuthenticationDetailsSource to set the additional information you need (e.g. the SAML) then it can be reused rather than you having to write an extended version of each filter you need.

Regarding X.509, the certificate should be extracted as the “credentials” by default, so it should be available to your authentication provider from the preauth token.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Aug 6, 2008

Julia López said:

Thank you for the suggestion! I didn’t realize about the AuthenticationDetailsSource. I’ve done what you said and it works perfect :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.