Implementing a custom authentication filter and error handling

Hi,

I have introduced a filter to do some internal SSO authentication which is working fine. This filter is required to print a custom message on failure for which I have a failure URL. The bean is:
 

<bean class="org.quwic.itms.bi.js.sso.SsoAuthenticationFilter" id="ssoAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/sso_error.html"/>
</bean>


This filter is doing a redirect like httpResponse.sendRedirect(httpResponse.encodeRedirectURL("/jasperserver/sso_error.html"));

I have added /sso_error.html in applicationContext-security-web.xml's bean filterInvocationInterceptor to force anonymous resource something like below:
 

<bean class="org.springframework.security.intercept.web.FilterSecurityInterceptor" id="filterInvocationInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"></ref></property>
    <property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"></ref></property>
    <!-- <property name="runAsManager"><ref bean="runAsManager"/></property>  -->
    <property name="objectDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
            /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY
            /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
            /error.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
            /sso_error.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
            /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY
            /home.html=ROLE_USER,ROLE_ADMINISTRATOR
            /flow.html=ROLE_USER,ROLE_ADMINISTRATOR
            /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR
            /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR
            /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR
            /j_spring_switch_user*=ROLE_ADMINISTRATOR
            /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR
            /olap/**=ROLE_USER,ROLE_ADMINISTRATOR
            /xmla=ROLE_USER,ROLE_ADMINISTRATOR
            /services/**=ROLE_USER,ROLE_ADMINISTRATOR
            /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR
            /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR
            /heartbeatinfo.html=ROLE_USER,ROLE_ADMINISTRATOR
            /rest/**=ROLE_USER,ROLE_ADMINISTRATOR
        </value>
    </property>
</bean>


I have added this in jasperserver-servlet.xml to resolve to controller and view.
 

<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean" id="urlHandlerMapping">
    <property name="properties">
        <props>
            <!--note: any new anonymous or user pages must be added
                to the filterInvocationInterceptor bean in applicationContext-security.xml
                All other pages require ROLE_ADMINISTRATOR to access-->
            <prop key="/fileview/**">jsFileViewContr</prop>
            <!--anonymous pages-->
            <prop key="/login.html">jsCommContr</prop>
            <prop key="/logout.html">jsCommContr</prop>
            <prop key="/exituser.html">jsCommContr</prop>
            <prop key="/loginerror.html">jsCommContr</prop>
            <prop key="/error.html">jsCommContr</prop>
            <!-- SSO anonymous page -->
            <prop key="/sso_error.html">ssoContr</prop>
            .
            .
            .
        </props>
    </property>
</bean>

<bean class="org.quwic.itms.bi.sso.controller.SsoController" id="ssoContr">
</bean>


This controller extends AbstractController to return a simple ModelAndView like below:

@Override
protected ModelAndView handleRequestInternal(
    HttpServletRequest httpservletrequest,
    HttpServletResponse httpservletresponse) throws Exception {
    return new ModelAndView("modules/ssoError");
}


When some error is encountered in my filter it calls the url /jasperserver/sso_error.html which gives status 404. The log file says

2013-01-16 23:29:51,470  WARN PageNotFound,http-8081-1:1077 - No mapping found for HTTP request with URI [/jasperserver/sso_error.html] in DispatcherServlet with name 'jasperserver'

Could you please advise what I am missing in this configuration?

Thanks,

 

 

atiquek_1
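
Added example (not part of the original post and not JasperReports Server code): a small Python check that evaluates an objectDefinitionSource rule list like the one in the post, first matching pattern wins, to show which roles a request path needs and which patterns are open to ROLE_ANONYMOUS. The rule subset is constructed from the post, the `/jasperserver` context path is assumed from the post's URL, and the Ant matching is a simplified approximation that only handles a trailing `/**`, `**`, `*` and `?`.

```python
import re

# Constructed sample: a subset of the rules shown in the post.
RULES = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
/sso_error.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
/home.html=ROLE_USER,ROLE_ADMINISTRATOR
/j_spring_switch_user*=ROLE_ADMINISTRATOR
/fileview/**=ROLE_USER,ROLE_ADMINISTRATOR
/rest/**=ROLE_USER,ROLE_ADMINISTRATOR
"""

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' spans directories, '*' and '?' stay in one segment."""
    tokens = {"/**": "(/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(/\*\*$|\*\*|\*|\?)", pattern)
    return re.compile("".join(tokens.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_rules(text):
    """Return (lowercase_flag, [(regex, raw_pattern, roles), ...]) in file order."""
    lower, rules = False, []
    for line in (l.strip() for l in text.splitlines()):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lower = True
        elif "=" in line:  # PATTERN_TYPE_APACHE_ANT is the only type handled here
            pattern, roles = line.split("=", 1)
            rules.append((ant_to_regex(pattern), pattern, roles.split(",")))
    return lower, rules

def required_roles(text, request_uri, context_path="/jasperserver"):
    """Roles of the first matching rule, or None if no rule matches."""
    lower, rules = parse_rules(text)
    path = request_uri.split("?", 1)[0]       # match on the path, not the query
    if path.startswith(context_path + "/"):
        path = path[len(context_path):]       # rules are relative to the web app
    if lower:
        path = path.lower()
    for regex, _, roles in rules:
        if regex.match(path):
            return roles
    return None

def anonymous_patterns(text):
    """Patterns ROLE_ANONYMOUS may reach: the list to review after each change."""
    return [p for _, p, roles in parse_rules(text)[1] if "ROLE_ANONYMOUS" in roles]
```

With the constructed rules, `required_roles(RULES, "/jasperserver/sso_error.html")` includes ROLE_ANONYMOUS, and `anonymous_patterns(RULES)` lists every page reachable without logging in.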

0 Answers:

No answers yet