Skip to Content
author's profile photo Former Member
Former Member

Can't able to Override the Spring Security configuration which is defined in the Core cockpit extension

HI Experts,

I'm trying to override the spring security configuration which was defined in the core cockpit-spring-security.xml. The following is the code snippet,

     <security:session-management session-authentication-strategy-ref="fixation" />
     <security:anonymous key="cockpitAnonymous" username="anonymousUser" granted-authority="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
     <security:remember-me services-ref="rememberMeServices" key="cockpit" />
     <security:logout logout-success-url="/index.zul" />
     <security:form-login always-use-default-target="false" login-page="/login.zul" authentication-failure-url="/login.zul?login_error=1" />
 </security:http>

The main reason to override the above configuration is to call my custom code on productcockpit login page, therefore I placed the above code in the productcockpit-spring-security.xml under my "mycustomcockpits/resources/productcockpit" extension and called my "AuthenticationSuccessHandler", which is the standard way of doing in hybris world with respect to spring context as follows,

productcockpit-spring-security.xml :-

     <security:session-management session-authentication-strategy-ref="fixation" />
     <security:anonymous key="cockpitAnonymous" username="anonymousUser" granted-authority="ROLE_ANONYMOUS" />
     <security:intercept-url pattern="/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
     <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
     <security:remember-me services-ref="rememberMeServices" key="cockpit" />
     <security:logout logout-success-url="/index.zul" />
     <security:form-login always-use-default-target="false" login-page="/login.zul" authentication-failure-url="/login.zul?login_error=1"  authentication-success-handler-ref="mycustomAuthenticationSuccessHandler"/>
 </security:http>


     <aop:scoped-proxy/>


As you can see the only change I added was “authentication-success-handler-ref" in the

But after adding this configuration, I can't able to access productcockpit login page anymore, which means the configuration which I added didn't overridden the core configuration functionality, and also I tried to add mycustom configuration directly in the core cockpit-spring-security.xml and guess what this eventually worked out, but this approach is not the feasible way to do it.

I looked in all possible sources to solve this issue but couldn't find the right approach to do. So, please, let me know is there any extra configuration that I'm missing here or any other lead would be helpful to resolve this issue ASAP

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Sep 15, 2015 at 09:55 PM

    HI Jonas,

    thanks for the reply, yes I defined the bean "mycustomAuthenticationSuccessHandler" in the productcockpit-spring-security.xml, under my "customcockpits" extension, but still the problem exist. any other leads can be helpful.

    PS: I updated my code snippet too for better understanding.

    cheers

    teja
    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 15, 2015 at 09:47 PM
    -1

    Hi Teja,

    Please ensure you're defining <bean id="mycustomAuthenticationSuccessHandler" class="com.mypack.auth"> in cockpit-spring-security.xml.

    Cheers,

    Jonas.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 15, 2015 at 10:38 PM
    -1

    Hi Teja,

    Maybe some other extension is loading the same configuration after yours.

    Check the enabled extensions in config/localextensions.xml setting similar configurations in their *spring-security.xml, then for every extension set <require-extension name="xxxx" /> in your extensioninfo.xml

    Cheers,

    Jonas.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.