cancel
Showing results for 
Search instead for 
Did you mean: 

Can't able to Override the Spring Security configuration which is defined in the Core cockpit extension

Former Member
0 Kudos

HI Experts,

I'm trying to override the spring security configuration which was defined in the core cockpit-spring-security.xml. The following is the code snippet,

     <security:session-management session-authentication-strategy-ref="fixation" />
     <security:anonymous key="cockpitAnonymous" username="anonymousUser" granted-authority="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
     <security:remember-me services-ref="rememberMeServices" key="cockpit" />
     <security:logout logout-success-url="/index.zul" />
     <security:form-login always-use-default-target="false" login-page="/login.zul" authentication-failure-url="/login.zul?login_error=1" />
 </security:http>

The main reason to override the above configuration is to call my custom code on productcockpit login page, therefore I placed the above code in the productcockpit-spring-security.xml under my "mycustomcockpits/resources/productcockpit" extension and called my "AuthenticationSuccessHandler", which is the standard way of doing in hybris world with respect to spring context as follows,

productcockpit-spring-security.xml :-

     <security:session-management session-authentication-strategy-ref="fixation" />
     <security:anonymous key="cockpitAnonymous" username="anonymousUser" granted-authority="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
     <security:remember-me services-ref="rememberMeServices" key="cockpit" />
     <security:logout logout-success-url="/index.zul" />
     <security:form-login always-use-default-target="false" login-page="/login.zul" authentication-failure-url="/login.zul?login_error=1"  authentication-success-handler-ref="mycustomAuthenticationSuccessHandler"/>
 </security:http>


     <aop:scoped-proxy/>


As you can see the only change I added was “authentication-success-handler-ref" in the

But after adding this configuration, I can't able to access productcockpit login page anymore, which means the configuration which I added didn't overridden the core configuration functionality, and also I tried to add mycustom configuration directly in the core cockpit-spring-security.xml and guess what this eventually worked out, but this approach is not the feasible way to do it.

I looked in all possible sources to solve this issue but couldn't find the right approach to do. So, please, let me know is there any extra configuration that I'm missing here or any other lead would be helpful to resolve this issue ASAP

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi Teja,

Maybe some other extension is loading the same configuration after yours.

Check the enabled extensions in config/localextensions.xml setting similar configurations in their *spring-security.xml, then for every extension set <require-extension name="xxxx" /> in your extensioninfo.xml

Cheers,

Jonas.

Former Member
0 Kudos

HI Jonas,

thanks for the reply, yes I defined the bean "mycustomAuthenticationSuccessHandler" in the productcockpit-spring-security.xml, under my "customcockpits" extension, but still the problem exist. any other leads can be helpful.

PS: I updated my code snippet too for better understanding.

cheers

teja
Former Member
0 Kudos

Hi Teja,

Please ensure you're defining <bean id="mycustomAuthenticationSuccessHandler" class="com.mypack.auth"> in cockpit-spring-security.xml.

Cheers,

Jonas.