authentication - PreAuthentication with Spring Security -> Based on URL parameters

Question

The customer want to have the following scenario:

Customer hands out link (webapp address) with 2 parameters to the webapp user. Based on these variables the user will take on specific roles in the webapp. I don't want any authorization in it. There should only be the authentication check which looks at these url parameters and checks if they are valid and will connect the user to the appropriate role.

How can I realize this?! Is there already a solution available?

Thanks!

regards Matthias

Answer 1

I already solved the problem. For those who are interested ....

web.xml

<!-- ===== SPRING CONFIG ===== -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext.xml
        /WEB-INF/applicationContext-security.xml
    </param-value>
</context-param>

applicationContext.xml

<context:component-scan base-package="at.beko.rainstar2" />

<tx:annotation-driven transaction-manager="transactionManager" />

applicationContext-security.xml

<!-- Configuring security not finished!! -->
<http create-session="never" use-expressions="true" auto-config="false"
    entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <intercept-url pattern="/authError.xhtml" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
    <session-management session-fixation-protection="none" />
</http>

<beans:bean id="userDetailsServiceImpl"
    class="at.beko.rainstar2.service.impl.UserDetailsServiceImpl" />

<beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
    class="at.beko.rainstar2.model.LinkForbiddenEntryPoint" />

<beans:bean id="preAuthenticationProvider"
    class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService"
        ref="userDetailsServiceImpl" />
</beans:bean>

<beans:bean id="preAuthFilter"
    class="at.beko.rainstar2.service.filter.UrlParametersAuthenticationFilter">
    <beans:property name="authenticationManager" ref="appControlAuthenticationManager" />
</beans:bean>

<authentication-manager alias="appControlAuthenticationManager">
    <authentication-provider ref="preAuthenticationProvider" />
</authentication-manager>

LinkForbiddenEntryPoint.java

public class LinkForbiddenEntryPoint implements AuthenticationEntryPoint {

@Override
public void commence(HttpServletRequest request,
        HttpServletResponse response, AuthenticationException authException)
        throws IOException, ServletException {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    httpResponse.sendRedirect("/rainstar2-webapp/authError.xhtml");
}

}

UrlParametersAuthenticationFilter.java

public class UrlParametersAuthenticationFilter extends
    AbstractPreAuthenticatedProcessingFilter {

@Override
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
    if (request.getParameterMap().size() == 2) {
        return true;
    }
    return false;
}

@Override
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
    String[] credentials = new String[2];
    credentials[0] = request.getParameter("param1");
    credentials[1] = request.getParameter("param2");
    return credentials;
}

}

UserDetailsServiceImpl.java

@SuppressWarnings("deprecation")
public class UserDetailsServiceImpl implements
    AuthenticationUserDetailsService<Authentication> {

@Override
public UserDetails loadUserDetails(Authentication token)
        throws UsernameNotFoundException {
    UserDetails userDetails = null;

            String[] credentials = (String[]) token.getPrincipal();
    boolean principal = Boolean.valueOf(token.getCredentials().toString());

    if (credentials != null && principal == true) {
        String name = credentials[0];
        if ("admin".equalsIgnoreCase(name)) {
            userDetails = getAdminUser(name);
        } else if ("h?ndler".equalsIgnoreCase(name)) {
            userDetails = getRetailerUser(name);
        } else if ("user".equalsIgnoreCase(name)) {
            userDetails = getUserUser(name);
        }
    }

    if (userDetails == null) {
        throw new UsernameNotFoundException("Could not load user : "
                + token.getName());
    }

    return userDetails;
}

private UserDetails getAdminUser(String username) {
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_RETAILER"));
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
    return new User(username, "notused", true, true, true, true,
            grantedAuthorities);
}

private UserDetails getRetailerUser(String username) {
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_RETAILER"));
    return new User(username, "notused", true, true, true, true,
            grantedAuthorities);
}

private UserDetails getUserUser(String username) {
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_USER"));
    return new User(username, "notused", true, true, true, true,
            grantedAuthorities);
}

}