
Authentication filter does not work anymore in 3.7


tboerkel


Hi!

We had a working authentication filter in JS 3.1. It was doing 2 things:

1. Authenticating a user with our auth system and making the user log into JS without entering login data on the JS login page. It was using the shadow users feature.

2. Authorization of running reports by asking our auth system if the report path is allowed for this user.

Both things do not work anymore in 3.7 (I guess also in 3.5, but we skipped 3.5).

Our filter implements Filter, InitializingBean and implements:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

1. Authentication
This code made the user log in and use the ROLE_USER in 3.1, when SecurityContextHolder.getContext().getAuthentication() was NULL:

        getExternalUserService().maintainInternalUser(userDetails, new GrantedAuthority[0]);
        getExternalUserService().makeUserLoggedIn(userData.userName);
 

For 3.7 in single organization mode, I had to provide a GrantedAuthority (ROLE_USER) and then it worked. But I do not get it working in multi organization mode, because one of the following filters apparently says access denied. If I do not call chain.doFilter(request, response), then I get a blank page instead. I tried requesting ROLE_USER and ROLE_USER|organization and I tried to add this role to the user and vice versa and setting the tenantId on role and user and enabling the user and so on.

2. Authorization
When SecurityContextHolder.getContext().getAuthentication() was != NULL, then our code did:

      resource = request.getParameter("resource");
      if (resource != null) {
        if (resource.startsWith("/reports")) {
          // ask our system

But resource is always NULL in 3.7. So, how to get the path of the report in the repository, that is to be executed in this moment?

Our filter is defined like this in applicationsContext-security.xml:

/**=httpSessionContextIntegrationFilter,${bean.loggingFilter},${bean.userPreferencesFilter},CustomAuthenticationFilter,...

<bean class="com.apag.p2plus.p2reports.AuthenticationFilter" id="CustomAuthenticationFilter">
  <property name="externalUserService">
    <ref bean="userAuthorityService"/>
  </property>
</bean>
</beans>

Any hints would be greatly appreciated. The 3.5 auth cookbook did not help in our case.

Thanks!

Regards,
Thomas
