Part 1 : Three main pillars in the Spring Security Authentication Mechanism..AbstractAuthenticationProcessingFilter

AbstractAuthenticationProcessingFilter is one of the three pillars
From the Docs
This filter will intercept the request and attempt to perform authentication from it if the request matches the setRequiresAuthenticationRequestMatcher (RequestMatcher).
If the custom url needs to be authenticated one needs to follow the below steps :
Step 1 :
Extend AbstractAuthenticationProcessingFilter and call its constructor passing the custom URL,
public CustomFilter () {
super(CUSTOM_URL);
}
Step 2 :
Override attemptAuthentication to implement custom logic, generally UsernamePasswordAuthentcationToken object is created using the credentials and custom processing is performed eventually authenticating the request using the supplied Authentication Manager.
return this.getAuthenticationManager().authenticate(authenticatonRequest)
Step 3 :
Write a RequestMatcher implementation,
example :
@Override
public boolean matches(HttpServletRequest request)
{
String headerParam = request.getHeader(SOME_HEADER_PARAM);                                                                                   if(headerParam != null) return true;                                                                                                                                                   return false;
}
Step 4 :
Write a custom AuthenticationProvider Implementation, and override authenticate()
example :
@Override
public Authentication authenticate (Authentication authentication) throws AuthenticationException
{  }
The above are some of the things you need to keep in mind while coding a Custom filter for Spring Security.

Comments

Post a Comment

Popular posts from this blog

Java Interview : Threads

Java came up with multi threading long time back, still the kind of response it invokes when this topic raises its head during interviews is not very encouraging. If you have attended an java interview, a couple of suppose to be very smart guys also know as lead developers will shower you with questions on multi threading, grilling you down to make sure what you are talking about, even asking you to write fork-join snippets to solve hadoop use cases. But if you are hired and you write a piece code using executor framework, you will be seen with suspicion generally reserved for people with casual shoes at cocktail parties. So here is post to start out thinking about threads. So a path of execution in java is known as a thread, appropriately an instance of Thread class. The main method runs in its own thread and starts up the program execution. If you implement the Runnable interface, you can run in a thread of you own. The Runnable interface has a run() method you implement your...
Read more

Spring Framework Interview Notes : Part Two Wiring

Image
The Spring container is the guy responsible to get the train moving when working with the Spring framework.  The dependency magic gets the things working by somehow getting all the stuff up and running. Now somehow we need to indicate to the spring container as to where and how to “wire” these beans. Remember these beans are also known as components. Components combine to form the structure and thus make the functionality. The concept of component scanning or component finding comes into the picture, literally searching the applications to find the beans required to create these beans. @ComponentScan is the annotation used by giving the the base packages where these components are defined using annotation or xml . Spring Framework Interview Wiring You can also use Autowiring with its attributes, which finds the beans by-name or by-type and injects them appropriately. @Component, @ComponentScan, @Autowired, @Named,  @Bean  with requires and quali...
Read more

Card Dealer In Java in Less than 5 minutes

Image
Code: package design; import java.util.Collections; import java.util.Stack; public class CardDealer { private int totalPlayers; private static Stack<Card> deck; CardDealer(int players){ totalPlayers=players; deck =  Deck.getCardDeck(); } public static void main(String[] args) { CardDealer cardDealer = new CardDealer(5); cardDealer.dealCards(); } public void dealCards(){ int cardsToPlayer = deck.size()/totalPlayers; for(int i=0;i<cardsToPlayer;i++){ for(int j=1;j<=totalPlayers;j++){ System.out.println("Player:"+j+ " gets "+deck.pop()); } } } private int getPlayers() { return totalPlayers; } }  class Deck{ static Stack<Card> deck = new Stack<Card>(); static Deck d=null; static { d = new Deck(); } public static Stack<Card> getCardDeck(){ return deck; } private Deck(){ populateDeckWithcards(); shuffle(); } pr...
Read more