How to implement login page using Spring Security so that it works with Spring web flow?
Posted
by simon
on Stack Overflow
See other posts from Stack Overflow
or by simon
Published on 2010-05-21T13:33:22Z
Indexed on
2010/05/27
3:51 UTC
Read the original article
Hit count: 455
I have a web application using Spring 2.5.6 and Spring Security 2.0.4. I have implemented a working login page, which authenticates the user against a web service. The authentication is done by defining a custom authentincation manager, like this:
<beans:bean id="customizedFormLoginFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<beans:property name="defaultTargetUrl" value="/index.do" />
<beans:property name="authenticationFailureUrl" value="/login.do?error=true" />
<beans:property name="authenticationManager" ref="customAuthenticationManager" />
<beans:property name="allowSessionCreation" value="true" />
</beans:bean>
<beans:bean id="customAuthenticationManager"
class="com.sevenp.mobile.samplemgmt.web.security.CustomAuthenticationManager">
<beans:property name="authenticateUrlWs" value="${WS_ENDPOINT_ADDRESS}" />
</beans:bean>
The authentication manager class:
public class CustomAuthenticationManager implements AuthenticationManager, ApplicationContextAware {
@Transactional
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//authentication logic
return new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(),
grantedAuthorityArray);
}
The essential part of the login jsp looks like this:
<c:url value="/j_spring_security_check" var="formUrlSecurityCheck"/>
<form method="post" action="${formUrlSecurityCheck}">
<div id="errorArea" class="errorBox">
<c:if test="${not empty param.error}">
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</c:if>
</div>
<label for="loginName">
Username:
<input style="width:125px;" tabindex="1" id="login" name="j_username" />
</label>
<label for="password">
Password:
<input style="width:125px;" tabindex="2" id="password" name="j_password" type="password" />
</label>
<input type="submit" tabindex="3" name="login" class="formButton" value="Login" />
</form>
Now the problem is that the application should use Spring Web Flow. After the application was configured to use Spring Web Flow, the login does not work anymore - the form action to "/j_spring_security_check" results in a blank page without error message. What is the best way to adapt the existing login process so that it works with Spring Web Flow?
© Stack Overflow or respective owner