0

In my application, I just want to authenticate two access token, one is in my 'Authorization barer header' and other is from a custom header. I just implemented a custom authenticator/filter for the same but while running it failed due to a null pointer as the dependency injection failed.

code snippet is given below

  private XOauth2Authenticationfilter customAuthenticator=new XOauth2Authenticationfilter();
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(resourceId);
            resources.authenticationEntryPoint(authenticationEntryPoint);
            resources.authenticationManager(customAuthenticator);

            //super.configure(resources);
        }

        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.csrf().disable();
            httpSecurity.authorizeRequests().anyRequest().authenticated().and().addFilterAfter(customAuthenticator,SecurityContextPersistenceFilter.class);
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


            //super.configure(httpSecurity);
        }

My custom authenticator do filter() is given below

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {

        List<Authentication> authList = tokenExtractor.extract((HttpServletRequest) req);

        if(authList!=null)
        {
            for (Authentication authenticate : authList) {

                authenticate(authenticate,(HttpServletRequest) req);
            }
        }
        chain.doFilter(req, res);
    }

    private void authenticate(Authentication authentication,HttpServletRequest request ) {
        final boolean debug = logger.isDebugEnabled();
        if (authentication == null) {
            if (stateless && isAuthenticated()) {
                if (debug) {
                    logger.debug("Clearing security context.");
                }
                SecurityContextHolder.clearContext();
            }
            if (debug) {
                logger.debug("No token in request, will continue chain.");
            }
        }
        else {
            request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
            if (authentication instanceof AbstractAuthenticationToken) {
                AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication;
                needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
            }
            Authentication authResult = authenticationManager.authenticate(authentication);

            if (debug) {
                logger.debug("Authentication success: " + authResult);
            }

            eventPublisher.publishAuthenticationSuccess(authResult);
            SecurityContextHolder.getContext().setAuthentication(authResult);

        }

    }

But while executing I am getting a null pointer at

Authentication authResult = authenticationManager.authenticate(authentication);

What I could do to implement a custom authenticator?

Anoop M Nair
  • 1,057
  • 1
  • 13
  • 31
  • customAuthenticator is the instance of XOauth2Authenticationfilter, so how can you set it into authenticationManager()?? – Afridi May 11 '17 at 05:21
  • @afridi I didn't get your point.My custom authenticator class declaration is given below public class XOauth2Authenticationfilter extends OAuth2AuthenticationManager implements Filter,InitializingBean{ – Anoop M Nair May 11 '17 at 07:37
  • I think "XOauth2Authenticationfilter " is working as both AutheticationManager as well as AuthenticationFilter, isn't? – Afridi May 11 '17 at 07:56
  • and if so, then how you have injected "authenticationManager"? – Afridi May 11 '17 at 07:56
  • Yes @afridi you are correct.My custom authentication manager is working fine and perfectly injected in OAuth2AuthenticationProcessingFilter but when comes to my filter the injection failed – Anoop M Nair May 11 '17 at 07:58
  • injection happening @ this line resources.authenticationManager(customAuthenticator); – Anoop M Nair May 11 '17 at 07:59
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/143943/discussion-between-anp-and-afridi). – Anoop M Nair May 11 '17 at 08:03
  • try to replace private XOauth2Authenticationfilter customAuthenticator=new XOauth2Authenticationfilter(); with @Autowired private XOauth2Authenticationfilter customAuthenticator; – Afridi May 11 '17 at 08:10

0 Answers0