Custom authentication provider for portal module only

Hello community!

(This question applies tu CUBA 7.2, I didn’t migrate to JMIX yet.)

I’ve implemented a custom AuthenticationProvider class. It is located in the core module; and as far as I understand, this is the place it belongs. My problem is now: It shall replace the default LoginPasswordAuthenticationProvider, but only in the portal module. It must not be used in the web module.

My naive approach was to add a <bean id="cuba_LoginPasswordLoginProvider" class="my-package-in-core-module.MyAuthProvider"/> to my portal-spring.xml. But this doesn’t work, as the dependency to a core class cannot be resolved by the portal’s bean factory. I cannot move the authentication provider class to the portal module, either, as it inherits from and depends on core module classes.

A can make my custom authentication provider a component of it’s own, which adds it to the authentication provider list (besides the LoginPasswordAuthProvider, not replacing it). But then it’s used in the web module as well, which is not desired. And I cannot find a way to configure which providers to be used in which module, either.

Probably I’m just not seeing the obvious, but I’m stuck here. Can you help me solve this problem?

Thanks in advance!

Hi,

Take a look at this topic. It explains how to create custom PortalConnection which actually calls the AuthenticationService on portal user login.

Maybe you can override one of login methods of the PortalConnection and call your custom authentication logic from there?

Hi Maxim,

thanks for your input. At the end, overriding the PortalConnection appeared as a somewhat heavy approach to me. Therefore, I chose another approach by implementing a custom UsernamePasswordAuthenticationFilter which adds a marker prefix to the username. My custom AuthenticationProvider can then check if this prefix is present in the username. If not, it’s authenticate method just returns null, passing down authentication to the regular authentication chain.

In case anyone has ever a similar problem and wants to implement a custom UsernamePasswordAuthenticationFilter, this is how my filter class looks like:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.servlet.http.HttpServletRequest;

public class CustomPasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        return "marker\u001f" + request.getParameter("login");
    }

    // Overridden in order to auto-wire to portal authentication manager, as it
    // differs from the standard Spring authentication manager.
    @Autowired
    @Qualifier("portalAuthenticationManager")
    @Override
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        super.setAuthenticationManager(authenticationManager);
    }

}

Additionally, one has to register the filter as a bean below the root node in the portal-security-spring.xml:

<beans:bean id="my_CustomPasswordAuthenticationFilter"
            class="my.package.CustomPasswordAuthenticationFilter"/>

Last but not least, the filter must be added to the filter chain by adding following node to the <http auto-config="true" ... node in portal-security-spring.xml:

<custom-filter before="FORM_LOGIN_FILTER" ref="my_CustomPasswordAuthenticationFilter"/>
1 Like