I was reading about how Authentication works in Spring and found that there are two filters taking care of the Authentication.
AuthenticationProcessingFilter BasicProcessingFilter
So I set breakpoints within BasicProcessingFilter::doFilterHttp and AuthenticationProcessingFilter::attemptAuthentication and AuthenticationProcessingFilterEntryPoint::commence and the program didn't stop at any of them.
Does it mean that my web-application current doesn't have an authentication mechanism at all?
Maybe it has something to do with that I defined a custom resource filter as follows:
<beans:bean id="secureResourceFilter"
class="my.custom.class.CustomSecureResourceFilter">
<beans:property name="jdbcSecuredUrlRoleDao" ref="jdbcSecuredUrlRoleDao" />
</beans:bean>
In my Spring-security configuration I didn't define AuthenticationProcessingFilter and BasicProcessingFilter directly. I just specify
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
in web.xml.
Aucun commentaire:
Enregistrer un commentaire