Combination of UsernamePasswordAuthenticationFilter and form login not working in SB 3.x that worked in SB2
ottlinger opened this issue Β· comments
Context
I do use a UsernamePasswordAuthenticationFilter with 3 login parts (tenant, username, password) in combination with a form-based login. This worked perfectly fine in SB2 / 2.7.14.
When I tried to migrate to SB 3.x the login stopped working at all. I'm unable to login/logout.
Reproducer app
I've extracted the main application parts into a separate project:
sb3-filter-problem
The submodule sb2 contains the working SB2 application (2.7.14), while sb3 uses SB 3.2.0-M1.
I followed the docs to configure the login. As the way the authenticationManager is wired in changed, I use an my AbstractHttpConfigurer to add the filter.
Apart from that a SimpleUrlLogoutSuccessHandler is used to perform actions upon logout.
Further information and quicklinks into the example app can be found in its README
Quicklinks to show the difference between SB2 and SB3
Description | SB2 - 2.7.14 | SB3 - 3.2.0-M1 | Status SB2 | Status SB3 |
---|---|---|---|---|
ApplicationUser to encapsulate tenant, user, password for login | ApplicationUser | ApplicationUser | π working | π working |
LoginTenantAuthenticationFilter (UsernamePasswordAuthenticationFilter) to extract data upon login | LoginTenantAuthenticationFilter | LoginTenantAuthenticationFilter | π working | π working |
Filter configuration | AuthenticationConfiguration | Sb3CustomDsl | π working | π₯ not working |
Authentication configuration | AuthenticationConfiguration | AuthenticationConfiguration | π working | π₯ not working |
SimpleUrlLogoutSuccessHandler to trigger actions upon logout | LeaveEventsUponLogoutSuccessHandler | LeaveEventsUponLogoutSuccessHandler | π working | π₯ not working |
Steps already taken
I already tried to submit a StackOverflow question, but unfortunately no working answers were provided. If I remove the configuration of the form-based login, the app does not show any login screen anymore.
As I'm unable to find any reference to a working example that combines a separate 3-part-login and form-based user authentication I file this issue. Maybe there has been a regression or just a lack of documentation, which my reproducer app may provide.
Thanks for any feedback and I'm willing to contribute my reproducer app in case it helps other users to avoid the problems I'm facing at the moment.