I have managed the login function in my application with Spring Security. I'm doing that with the two default parameters (username and password) and it's work properly.
However, I need to add an extra parameter in the login function, but I'm having problems doing that.
In SecurityConfig.java, I have added the filter and it's calling when submit button is pressed.
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/index","/login","/work", "/css/**","/out/**", "/js/**","/images/**","/fonts/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/home")
.permitAll()
.and().logout().permitAll().and()
.csrf().disable();
http.addFilterBefore(new ExUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
Then, my own filter. I'm getting the new parameter(Company) value properly:
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
String dbValue = request.getParameter("Company");
request.getSession().setAttribute("dbValue", dbValue);
return super.attemptAuthentication(request, response);
}
I'm having the problem when super.attemptAuthentication(request, response); is called, I'm getting null pointer.
Error:
java.lang.NullPointerException org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
es.smt.startrekweb.filter.ExUsernamePasswordAuthenticationFilter.attemptAuthentication(ExUsernamePasswordAuthenticationFilter.java:35)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
This is the code where I'm having the null pointer in UsernamePasswordAuthenticationFilter.java
return this.getAuthenticationManager().authenticate(authRequest);
Also, I can see in my debugger the next information
contextBeforeChainExecution = {SecurityContextImpl@5989} "org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication"
authentication = null
Does anyone know what I'm doing wrong?? Thanks!!
解决方案
You have added a filter by using new :
new ExUsernamePasswordAuthenticationFilter()
so it does not have anything autowired.
that makes the this.getAuthenticationManager() return null.
if all you need is to pass the request parameter to an attribute - you don't need to extend UsernamePasswordAuthenticationFilter.
Note that you only add a filter and did not replace it.