In my application I’ve implemented X.509 authentication
I created the following class named X509AuthenticationFilter that extends
AbstractPreAuthenticatedProcessingFilter provided by spring security by default.
I added my own AuthenticationManager to the class
private AuthenticationManager authenticationManager
And also included the following setter
public void setAuthenticationManager(AuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
The bean is initialized in the spring-security.xml like so:
<beans:bean id="x509AuthenticationFilter" class="com.example.sec.x509.X509AuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
The bean named authenticationManager does exist and it’s present in the spring context.
However, given such configuration I get the following startup error:
An AuthenticationManager must be set
For some reason the AuthenticationManager is deliberately set to null in the superclass. Later on afterPropertiesSet() gets called and unfortunately throws the exception.
The only workaround I came up with is changing the setter in my own class to the following:
public void setAuthenticationManager(AuthenticationManager authenticationManager)
{
super.setAuthenticationManager(authenticationManager);
this.authenticationManager = authenticationManager;
}
Is there a better solution?
Advertisement
Answer
I added my own AuthenticationManager to the class
So you effectively shadowed existing authenticationManager instance declared in AbstractPreAuthenticatedProcessingFilter.
If you don’t need to access AuthenticationManager from within your X509AuthenticationFilter, just don’t declare it. If you do, you will have to call super setter as you’re already doing.
Maybe authenticationManager should be declared protected in AbstractPreAuthenticatedProcessingFilter, which would resolve this situation cleanly …