Spring Security
  1. Spring Security
  2. SEC-1440

Allow setting of separate entry-point-ref for http-basic namespace element

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Complete
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.0.3, 3.1.0.M1
    • Component/s: Namespace
    • Labels:
      None

      Description

      After migration to Spring Secuiry 3.0 (from 2.0), our custom EntryPoint, which overrides BasicAuthenticataionEntryPoint, is not being called anymore.
      After some debugging, I think the problem is that BasicAuthenticationFilter catches authentication exception, and then it uses its own BasicAuthenticationEntryPoint (the one which is actually created in "createBasicFilter" method from schema builder), instead of delegating to the main, customized entry point declared in "entry-point-ref" attribute.
      See more detailed description on Spring forum http://forum.springsource.org/showthread.php?p=289354.

        Activity

        Hide
        Luke Taylor added a comment -

        I'm not sure this is actually a bug, since this behaviour may be desired in many situations. For example, if basic and form authentication are both being used, then it may be desirable to override the form-login entry point used by the ExceptionTranslation filter, but you would not want a failed basic authentication to result in a redirect to a login page. Possibly we should add an entry-point-ref attribute to the http-basic element, as the two are really independent.

        Show
        Luke Taylor added a comment - I'm not sure this is actually a bug, since this behaviour may be desired in many situations. For example, if basic and form authentication are both being used, then it may be desirable to override the form-login entry point used by the ExceptionTranslation filter, but you would not want a failed basic authentication to result in a redirect to a login page. Possibly we should add an entry-point-ref attribute to the http-basic element, as the two are really independent.
        Hide
        Grzegorz Borkowski added a comment -

        Yes, I agree that in some cases this behavior can be desired, but sometimes (like in my case) it's just opposite. Definitely, adding entry-point-ref to http-basic element would solve the problem. I hope it will be fixed soon, because it's quite serious problem for us at this moment.

        Show
        Grzegorz Borkowski added a comment - Yes, I agree that in some cases this behavior can be desired, but sometimes (like in my case) it's just opposite. Definitely, adding entry-point-ref to http-basic element would solve the problem. I hope it will be fixed soon, because it's quite serious problem for us at this moment.
        Hide
        Luke Taylor added a comment -

        If it's a pressing problem, you can easily workaround it by using an explicit BasicAuthenticationFilter. Alternatively, you could set it using a BeanFactoryPostProcessor.

        Since a namespace change is required, the entry-point-ref change would most likely go into 3.1.

        Show
        Luke Taylor added a comment - If it's a pressing problem, you can easily workaround it by using an explicit BasicAuthenticationFilter. Alternatively, you could set it using a BeanFactoryPostProcessor. Since a namespace change is required, the entry-point-ref change would most likely go into 3.1.
        Hide
        Grzegorz Borkowski added a comment -

        I see. When 3.1 is expected to be released?

        Show
        Grzegorz Borkowski added a comment - I see. When 3.1 is expected to be released?
        Hide
        Luke Taylor added a comment -

        There isn't a specific date at the moment, but it will be later this year, some time after Spring 3.1 is released.

        Show
        Luke Taylor added a comment - There isn't a specific date at the moment, but it will be later this year, some time after Spring 3.1 is released.
        Hide
        Luke Taylor added a comment - - edited

        Ok, I've made the changes to both branches, introducing a 3.0.3 namespace schema, which should allow you to use this without waiting for 3.1.

        Show
        Luke Taylor added a comment - - edited Ok, I've made the changes to both branches, introducing a 3.0.3 namespace schema, which should allow you to use this without waiting for 3.1.
        Hide
        Grzegorz Borkowski added a comment -

        That's good news.

        Show
        Grzegorz Borkowski added a comment - That's good news.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Grzegorz Borkowski
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: