Details
-
Bug
-
Resolution: Obsolete
-
High
-
None
-
2.0.7
-
None
Description
I am using spring-security-core-2.0.4 with springframework-2.5.
> I am using atlassain crowd for authentication and authorization.
> One thing I found in my com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails class is, the below getter throws exception always if there is a request to get the password. For me in my code I am not doing anything explicitly to get the password infact I dont want that. The Crowd SpringSecurityConnector is the one who is trying to get the password for remember me purpose. For me http autoconfig is set to true. I tried a lot find out the way to disable remember me functionality; but no luck. Please gimme some inputs..
> public String getPassword()
>
> I do not want this remember me functionality; is there a way to disable the same???
> i am getting the below exception on valid credentials
> > java.lang.UnsupportedOperationException: Not giving you the password
> > at com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails.getPassword(CrowdUserDetails.java:52)
> > at org.springframework.security.providers.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:67)
> > at org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:137)
> > at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
> > at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
> > at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:139)
> > at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> > at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> > at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
> > at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> > at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> > at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
> > at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> > at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> > at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
> > at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> > at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> > at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
> > at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183)
> > at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)
> > at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> > at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
> > at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
> > at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
> > at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
> > at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
> > at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
> > at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
> > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
> > at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
My configuration in applicationContext-security.xml is as below
> > <?xml version="1.0" encoding="UTF-8"?> <beans:beans
> > xmlns="http://www.springframework.org/schema/security"
> > xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:schemaLocation="http://www.springframework.org/schema/beans
> > http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
> > http://www.springframework.org/schema/security
> > http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
> > <http auto-config="true">
> > <intercept-url pattern='/login.htm*' filters='none' />
> > <intercept-url pattern='/superPackage.htm*' access='ROLE_USER' />
> > <form-login login-page='/login.htm' authentication-failure-url="/login.htm?error=1"/>
> > </http>
> > <authentication-provider user-service-ref="crowdUserDetailsService"></authentication-provider>
> > <beans:bean id="crowdUserDetailsService"
> > class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
> > <beans:property name="authenticationManager" ref="crowdAuthenticationManager" />
> > <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager" />
> > <beans:property name="userManager" ref="crowdUserManager" />
> > <beans:property name="authorityPrefix" value="ROLE_" />
> > </beans:bean>
> > <beans:bean id="crowdAuthenticationProvider"
> > class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
> > <custom-authentication-provider />
> > <beans:constructor-arg ref="crowdAuthenticationManager" />
> > <beans:constructor-arg ref="httpAuthenticator" />
> > <beans:constructor-arg ref="crowdUserDetailsService" />
> > </beans:bean>
> > </beans:beans>
Attachments
Issue Links
- is superseded by
-
CWD-1807 Spring Security 3.0 Integration tutorial
- Closed
