We're using Spring Security with RequestHeaderAuthenticationFilter, and thus relying on an HTTP header to be set for the user name. On our local machines we don't have the software for authenticating, and thus not the header.

When testing with WebDriver or Firefox we can set the header and test correctly, but when manually testing with Internet Explorer we're not able to set the header value.

Is there a good way to set header values in IE, or a decent way to enable some kind of 'mocking' for the filter in development and test?

A: 

Set the exceptionIfMissingHeader property on your Spring context.

From the javadoc: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.html

"If the header is missing from the request, getPreAuthenticatedPrincipal will throw an exception. You can override this behaviour by setting the exceptionIfMissingHeader property."

Frederic Conrotte
Sorry for the slow response, thought I would get an email when replies were entered. That doesn't really authenticate a user, and I need authenticated users. If none of the functionality was secured this would work, but not when you need to emulate a login. I ended up doing a lot of hacking to be able to switch between header authentication, and a login form. Not too impressed with the internals of Spring Security. It took me quite some time to figure out, and the solution didn't end up very nice.
Anders S
A: 

I ended up using a Spring Java config with a command line parameter for switching between header authentication, and authenticating with a login form.

It required switching between (mock left, real right):

  • UsernamePasswordAuthenticationFilter and RequestHeaderAuthenticationFilter
  • LoginUrlAuthenticationEntryPoint and Http403ForbiddenEntryPoint
  • DaoAuthenticationProvider and PreAuthenticatedAuthenticationProvider

Not too impressed with the internals of Spring Security, and it took me a good while to figure this out. But if you need to do it, at least those are some pointers.

Anders S
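A sketch of the switch described in the answer above, added here as an example and not the answerer's own code. The `auth.mode` system property, the `/login` URL and the class name are hypothetical; it assumes `AuthenticationManager` and `UserDetailsService` beans are defined elsewhere, and a Spring Security release in which `LoginUrlAuthenticationEntryPoint` and `UserDetailsByNameServiceWrapper` take constructor arguments.

```java
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.*;
import org.springframework.security.web.authentication.preauth.*;
import org.springframework.web.filter.GenericFilterBean;

@Configuration
public class SwitchableAuthConfig {
    // Hypothetical switch: start the JVM with -Dauth.mode=form to get the login form.
    // Any other value, or no value at all, selects header authentication, so a
    // deployment that omits the flag never ends up with the mock setup.
    private static boolean formLogin() {
        return "form".equals(System.getProperty("auth.mode"));
    }

    @Bean
    public GenericFilterBean authenticationFilter(AuthenticationManager manager) {
        if (formLogin()) {
            UsernamePasswordAuthenticationFilter form = new UsernamePasswordAuthenticationFilter();
            form.setAuthenticationManager(manager);
            return form;
        }
        RequestHeaderAuthenticationFilter header = new RequestHeaderAuthenticationFilter();
        header.setAuthenticationManager(manager);
        return header;
    }

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return formLogin()
                ? new LoginUrlAuthenticationEntryPoint("/login") // assumed login page URL
                : new Http403ForbiddenEntryPoint();
    }

    @Bean
    public AuthenticationProvider authenticationProvider(UserDetailsService users) {
        if (formLogin()) {
            DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
            dao.setUserDetailsService(users);
            return dao;
        }
        PreAuthenticatedAuthenticationProvider preAuth = new PreAuthenticatedAuthenticationProvider();
        preAuth.setPreAuthenticatedUserDetailsService(
                new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(users));
        return preAuth;
    }
}
```

The three beans still have to be referenced from the application's filter chain and authentication manager definition; the mode is read once per bean at context start-up, so all three always agree.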