Spring's AuthenticationProcessingFilter override

Question

Hi,

I'm trying to override AuthenticationProcessingFilter in Spring security. I have done following config in xml:

<security:http access-decision-manager-ref="accessDecisionManager" >
        <security:intercept-url .../>
        <security:form-login login-page='/signin/' authentication-failure-url="/signin/?login_error" default-target-url='/signin/success'/>
        <security:anonymous/>
        <security:logout/>
        <security:remember-me/>
</security:http>

<bean class="myPackage.security.SessionCleanerFilter" >
    <security:custom-filter position="FILTER_SECURITY_INTERCEPTOR" />
    <property name="defaultTargetUrl" value="/signin/success" />
    <property name="authenticationFailureUrl" value="/signin/?login_error" />
    <property name="allowSessionCreation" value="true" />
</bean>

But this fails with lots of exceptions

Error creating bean with name 'myPackage.security.SessionCleanerFilter#0'

due to lack of instatiation properties. I would like them to be default. Do you know how to configure them?

Answer 1

Shouldn't it be:

<security:custom-filter position=“AUTHENTICATION_PROCESSING_FILTER”/>

Answer 2

You also need to disable auto-config:

<security:http auto-config="false" access-decision-manager-ref="accessDecisionManager">

and then, you no longer need the <security:form-login> tag, since you are setting the same properties in your bean.