Wrox Programmer Forums
Go Back   Wrox Programmer Forums > Java > Java Open Source > BOOK: Beginning Spring
|
BOOK: Beginning Spring
This is the forum to discuss the Wrox book Beginning Spring by Mert Caliskan, Kenan Sevindik; ISBN: 978-1-118-89292-3
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning Spring section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old April 22nd, 2015, 07:12 AM
Registered User
 
Join Date: Apr 2015
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default self contradiction in book .. security filter chain

Hello.

according to figure 12-1 on p.335, "FilterSecurityInterceptor" is the last filter to get "called" when a user requests a secured resource..in particular after "UsernamePasswordAuthenticationFilter".

However, according to fig 12.4/12.5 on p 343,
FilterSecurityInterceptor gets called (near the start, in particular) before UsernamePasswordAuthenticationFilter.

Which is correct?
Are one or both of these diagrams incorrect?

Thanks in advance for the clarification
 
Old September 27th, 2015, 01:19 PM
Registered User
 
Join Date: Sep 2015
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by dec1 View Post
Hello.

according to figure 12-1 on p.335, "FilterSecurityInterceptor" is the last filter to get "called" when a user requests a secured resource..in particular after "UsernamePasswordAuthenticationFilter".

However, according to fig 12.4/12.5 on p 343,
FilterSecurityInterceptor gets called (near the start, in particular) before UsernamePasswordAuthenticationFilter.

Which is correct?
Are one or both of these diagrams incorrect?

Thanks in advance for the clarification
Both diagrams are correct, and FilterSecurityInterceptor is the last in the chain. In those diagrams we try to show what is going on during authentication process, and they actually contain two different request flows. In the first request flow, user tries to access a secure resource (editor.jsp), and request flows through various Spring Security Filters in the chain, and hit at FilterSecurityInterceptor at last. FilterSecurityInterceptor raises an AccessDeniedException, which causes a login page to be rendered. In the second request flow, user submits the login form, and request again flows through the filter chain. However, this time before it reaches at the FilterSecurityInterceptor, it is processed by UsernamePasswordAuthenticationFilter and login process gets executed.

Hope this explanation made some things clearer





Similar Threads
Thread Thread Starter Forum Replies Last Post
Appointment Book Security Database afuentes BOOK: ASP.NET 2.0 Instant Results ISBN: 978-0-471-74951-6 11 November 15th, 2008 08:37 AM
Chain Select Menu with ASP chame Classic ASP Basics 1 May 1st, 2008 06:18 PM
Creating "chain" of DropDownLists DolphinBay ASP.NET 1.0 and 1.1 Professional 0 December 2nd, 2005 07:45 PM
Creating a "Chain" of DropDownLists DolphinBay ASP.NET 2.0 Professional 1 December 2nd, 2005 07:45 PM
Book Title: JAVA Security Stephen Lam BOOK: Access 2003 VBA Programmer's Reference 1 April 6th, 2005 03:54 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.