Spring Security : Bypass login form

Question

I want to bypass the login form for a Spring webflow (Spring 2.0.5) application under certain scenarios (so the login form is presented for normal users but when the URL is

Answer 1

I did something similar with Spring Security 3 and I think it should be possible with older versions too. I've modified my code, so it fits your situation. You might need to work out some of the details, but it should provide you with the basic idea.

You can handle it using a filter:

public class MyAuthenticationFilter extends DelegatingFilterProxy
{
    public void doFilter ...
    {
            String username = request.getParameter("username");
            String password = request.getParameter("password");

            // build authentication token for user
            final Authentication auth = new UsernamePasswordAuthenticationToken(...);
            auth.setAuthenticated(true);

            // set authentication in context
            SecurityContextHolder.getContext().setAuthentication(auth);
    }

In your web.xml:

<filter>
    <filter-name>myAuthenticationFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>myAuthenticationFilter</filter-name>
    <url-pattern>/fakelogin*</url-pattern>
</filter-mapping>

In your spring.xml:

<bean id="myAuthenticationFilter" class=... />

Another option would be to allow all users to access fakeLogin

<intercept-url pattern="/fakelogin/**" access="permitAll" />

and put the Authentication into the security context in a Web Flow Action.