Combination of UsernamePasswordAuthenticationFilter and form login not working in SB 3.x that worked in SB2 #13620

Closed
ottlinger opened this issue Aug 7, 2023 · 4 comments
Labels: for: stackoverflow (A question that's better suited to stackoverflow.com)

@ottlinger

Context

I do use a UsernamePasswordAuthenticationFilter with 3 login parts (tenant, username, password) in combination with a form-based login. This worked perfectly fine in SB2 / 2.7.14.

When I tried to migrate to SB 3.x the login stopped working at all. I'm unable to login/logout.

Reproducer app

I've extracted the main application parts into a separate project:
sb3-filter-problem

The submodule sb2 contains the working SB2 application (2.7.14), while sb3 uses SB 3.2.0-M1.
I followed the docs to configure the login. As the way the authenticationManager is wired in changed, I use my AbstractHttpConfigurer to add the filter.
Apart from that a SimpleUrlLogoutSuccessHandler is used to perform actions upon logout.

Further information and quicklinks into the example app can be found in its README

Quicklinks to show the difference between SB2 and SB3

| Description | SB2 - 2.7.14 | SB3 - 3.2.0-M1 | Status SB2 | Status SB3 |
| --- | --- | --- | --- | --- |
| ApplicationUser to encapsulate tenant, user, password for login | ApplicationUser | ApplicationUser | 👍 working | 👍 working |
| LoginTenantAuthenticationFilter (UsernamePasswordAuthenticationFilter) to extract data upon login | LoginTenantAuthenticationFilter | LoginTenantAuthenticationFilter | 👍 working | 👍 working |
| Filter configuration | AuthenticationConfiguration | Sb3CustomDsl | 👍 working | 🔥 not working |
| Authentication configuration | AuthenticationConfiguration | AuthenticationConfiguration | 👍 working | 🔥 not working |
| SimpleUrlLogoutSuccessHandler to trigger actions upon logout | LeaveEventsUponLogoutSuccessHandler | LeaveEventsUponLogoutSuccessHandler | 👍 working | 🔥 not working |

Steps already taken

I already tried to submit a StackOverflow question, but unfortunately no working answers were provided. If I remove the configuration of the form-based login, the app does not show any login screen anymore.

As I'm unable to find any reference to a working example that combines a separate 3-part-login and form-based user authentication I file this issue. Maybe there has been a regression or just a lack of documentation, which my reproducer app may provide.

Thanks for any feedback and I'm willing to contribute my reproducer app in case it helps other users to avoid the problems I'm facing at the moment.

@sjohnr
Member

sjohnr commented Jun 5, 2024

Question appears answered per update.

sjohnr closed this as completed Jun 5, 2024
sjohnr self-assigned this Jun 5, 2024
sjohnr added the label "for: stackoverflow" (A question that's better suited to stackoverflow.com) and removed the labels "status: waiting-for-triage" (An issue we've not yet triaged) and "type: bug" (A general bug) Jun 5, 2024

@ottlinger
Author

@sjohnr If you have a closer look at the changes it should be clear that this is most probably still a bug on the spring-side, but I assume that not a great many people work with the extension of the UsernamePasswordFilter and thus may run into the troubles that I've experienced.
As usual the docs do not cover the use case that extends the filtering mechanism and thus exposes the problem that the underlying securityContextRepository is wrongly wired and blocks authentication.
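
An added illustration of the wiring this comment refers to, not code from the reporter's repository or from the Spring Security project: in Spring Security 6 a filter that is instantiated by hand can be given an explicit SecurityContextRepository so the authenticated context is also stored in the HTTP session. The class name TenantLoginDsl is hypothetical, and the stock UsernamePasswordAuthenticationFilter stands in for a tenant-aware subclass such as LoginTenantAuthenticationFilter.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.context.DelegatingSecurityContextRepository;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

// Hypothetical custom DSL; the class name is an assumption made for this example.
public class TenantLoginDsl extends AbstractHttpConfigurer<TenantLoginDsl, HttpSecurity> {

    @Override
    public void configure(HttpSecurity http) {
        // The AuthenticationManager is published as a shared object once the
        // HttpSecurity builder reaches its configure phase.
        AuthenticationManager authenticationManager =
                http.getSharedObject(AuthenticationManager.class);

        // Stand-in for a subclass that also reads a tenant parameter.
        UsernamePasswordAuthenticationFilter filter =
                new UsernamePasswordAuthenticationFilter(authenticationManager);

        // A filter created by hand is not given the repository that formLogin()
        // sets on its own filter; its default keeps the context only as a
        // request attribute, so the next request arrives unauthenticated.
        SecurityContextRepository repository = new DelegatingSecurityContextRepository(
                new RequestAttributeSecurityContextRepository(),
                new HttpSessionSecurityContextRepository());
        filter.setSecurityContextRepository(repository);

        // Put the filter at the position of the stock form-login filter.
        http.addFilterAt(filter, UsernamePasswordAuthenticationFilter.class);
    }
}
```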

@sjohnr
Member

sjohnr commented Jun 6, 2024

I'm sorry to hear you are having trouble extending UsernamePasswordAuthenticationFilter for your needs @ottlinger.

> this is most probably still a bug on the spring-side

If you believe there is a bug, please write it up clearly and concisely. This issue was asked as a question on stackoverflow, which points to a GitHub repository containing months of history and discovery and a note that the issue was solved. Please take those learnings and distill it into a minimal, reproducible sample to demonstrate any bug you have found.

> As usual the docs do not cover the use case that extends the filtering mechanism

I'm not sure what's meant by this comment but please be constructive in your feedback as we always strive to improve the documentation and constructive feedback is more helpful than criticism. If you feel an improvement can be made, please be specific and provide suggestions for improvement.

@ottlinger
Author

@sjohnr sorry for the misunderstanding - the motivation behind this whole project was to show the difference between SB2 and SB3. When I tried to file bugs with spring-boot these tickets were closed within minutes, which led me to the conclusion that no-one read the example app or had a look at the code itself.
This led to a certain level of frustration on my side as I was not able to solve my problem until the contribution from GlenErrands.
