Giters

spring-projects / spring-security

Spring Security

Home Page:http://spring.io/projects/spring-security

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Combination of UsernamePasswordAuthenticationFilter and form login not working in SB 3.x that worked in SB2

ottlinger opened this issue Β· comments

commented

Context

I do use a UsernamePasswordAuthenticationFilter with 3 login parts (tenant, username, password) in combination with a form-based login. This worked perfectly fine in SB2 / 2.7.14.

When I tried to migrate to SB 3.x the login stopped working at all. I'm unable to login/logout.

Reproducer app

I've extracted the main application parts into a separate project:
sb3-filter-problem

The submodule sb2 contains the working SB2 application (2.7.14), while sb3 uses SB 3.2.0-M1.
I followed the docs to configure the login. As the way the authenticationManager is wired in changed, I use an my AbstractHttpConfigurer to add the filter.
Apart from that a SimpleUrlLogoutSuccessHandler is used to perform actions upon logout.

Further information and quicklinks into the example app can be found in its README

Quicklinks to show the difference between SB2 and SB3

Description SB2 - 2.7.14 SB3 - 3.2.0-M1 Status SB2 Status SB3
ApplicationUser to encapsulate tenant, user, password for login ApplicationUser ApplicationUser πŸ‘ working πŸ‘ working
LoginTenantAuthenticationFilter (UsernamePasswordAuthenticationFilter) to extract data upon login LoginTenantAuthenticationFilter LoginTenantAuthenticationFilter πŸ‘ working πŸ‘ working
Filter configuration AuthenticationConfiguration Sb3CustomDsl πŸ‘ working πŸ”₯ not working
Authentication configuration AuthenticationConfiguration AuthenticationConfiguration πŸ‘ working πŸ”₯ not working
SimpleUrlLogoutSuccessHandler to trigger actions upon logout LeaveEventsUponLogoutSuccessHandler LeaveEventsUponLogoutSuccessHandler πŸ‘ working πŸ”₯ not working

Steps already taken

I already tried to submit a StackOverflow question, but unfortunately no working answers were provided. If I remove the configuration of the form-based login, the app does not show any login screen anymore.

As I'm unable to find any reference to a working example that combines a separate 3-part-login and form-based user authentication I file this issue. Maybe there has been a regression or just a lack of documentation, which my reproducer app may provide.

Thanks for any feedback and I'm willing to contribute my reproducer app in case it helps other users to avoid the problems I'm facing at the moment.