I have a web application which uses spring security to authenticate the user. My application is using a custom authentication entry point.
e.g MyCustomAuthenticationEntryPoint (which extends LoginUrlAuthenticationEntryPoint).
Below is spring security config snippet:
In this I have overridden determineUrlToUseForThisRequest() method to give my login screen urls.
All works fine if I login successfully. ie, if I login successfully, then this entry point (MyCustomAuthenticationEntryPoint ) is not caller again as I am already authenticated. If I am not authenticated then this entry point is called to trigger spring security authentication processing.
Now I have a SSO requirement. The requirement is that in certain scenario, authentication will be done externally and I do not have to authenticate the user again. I have implemented a filter as below :
Issue: Even after I set the authentication in SecurityContextHolder.getContext().setAuthentication() , even then my MyCustomAuthenticationEntryPoint. I think this should not be called as I have implemented pre-authentication.
Can anyone help why this might be happening?
I am using spring security 3.0.