Untitled

...
        .and()
            .formLogin()
                .successHandler(myAuthenticationSuccessHandler)
                .failureHandler(myAuthenticationFailureHandler)
                .usernameParameter(... some code ...)
                .passwordParameter(... some code ...)
                .loginProcessingUrl(... some code ...)
        .and()
            .logout()
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .logoutUrl(... some code ...)
                .logoutSuccessHandler(noRedirectLogoutSuccessHandler)
        .and()
            .httpBasic()
        .and()
            .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
        .and()
            .addFilterBefore(new HmacAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class)
...

import java.io.IOException;
import java.util.Arrays;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.RequestMatcher;

import mx.i4b.sisintadmin.sec.WebSecurityConfig.RestWebSecurityConfigurationAdapter;
import mx.i4b.sisintadmin.service.CryptoService;
import mx.i4b.sisintadmin.util.EntityHelper;
import mx.i4b.sisintadmin.util.Util;

public class HmacAuthorizationFilter extends UsernamePasswordAuthenticationFilter /*AbstractAuthenticationProcessingFilter*/ {

    @SuppressWarnings("unused")
    private final Logger logger = LoggerFactory.getLogger(getClass());

    public HmacAuthorizationFilter() {
        super();
        setRequiresAuthenticationRequestMatcher(authMatcher());
    }

    protected RequestMatcher authMatcher() {
        return new RequestMatcher() {
            @Override
            public boolean matches(HttpServletRequest request) {
                boolean result = true;
                result = result && Util.isDiferenteVacio(request.getHeader("Authorization"));
                result = result && Util.isDiferenteVacio(request.getHeader("Date"));
                return result;
            }
        };
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response)
                    throws AuthenticationException {

        // Get authorization header
        String credentials = request.getHeader("Authorization");

        // get timestamp
        String timestamp = request.getHeader("Date");

        // If there's not credentials or date, return...
        if ((credentials == null) || (timestamp == null)) {
            return null;
        }

----- some code ----

        HmacAuthorizationToken token = cryptoService.createHmacAutorizationToken(... some code ...);

        token.setDetails(authenticationDetailsSource.buildDetails(request));

        //FIXME FIND OUT WHY this.getAuthenticationManager() IS NULL USING @Autowired
        AuthenticationManager authenticationManager = EntityHelper.getAuthenticationManager();

        Authentication result = authenticationManager.authenticate(token);


        ////////////////////////////////////////////////////////////////////
        //// Session configuration                                     /////
        ////////////////////////////////////////////////////////////////////

        SessionRegistry sessionRegistry = EntityHelper.getSessionRegistry();

        ConcurrentSessionControlAuthenticationStrategy cscas =
                new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);

        ChangeSessionIdAuthenticationStrategy csias = new ChangeSessionIdAuthenticationStrategy();

        RegisterSessionAuthenticationStrategy rsas =
                new RegisterSessionAuthenticationStrategy(sessionRegistry);

        CompositeSessionAuthenticationStrategy sessionAuthenticationStrategy =
                new CompositeSessionAuthenticationStrategy(Arrays.asList(cscas, csias, rsas));

        sessionAuthenticationStrategy.onAuthentication(result, request, response);


        SecurityContextHolder.getContext().setAuthentication(result);


        this.setAuthenticationSuccessHandler(
                RestWebSecurityConfigurationAdapter.myAuthenticationSuccessHandler);

        this.setAuthenticationFailureHandler(
                RestWebSecurityConfigurationAdapter.myAuthenticationFailureHandler);

        //this.setContinueChainBeforeSuccessfulAuthentication(true);

        return result;
    }


}

public static AuthenticationManager getAuthenticationManager() {

    AuthenticationManager authenticationManager =
            getContext().getBean(AuthenticationManager.class);

    if (authenticationManager == null) {
        final Logger logger = LoggerFactory.getLogger(EntityHelper.class);
        logger.error("**************************************** EN EntityHelper RECEIVED AuthenticationManager NULL ****************************************");
    }

    return authenticationManager;
}

2016-06-21 18:48:53,427 DEBUG [http-nio-8084-exec-3] (ProviderManager.java:152) - Authentication attempt using some.package.sec.HmacAuthenticationProvider
2016-06-21 18:48:53,427 DEBUG [http-nio-8084-exec-3] (HmacAuthenticationProvider.java:101) - retrieveUser HMAC . LOGIN username: ---- SOME CODE ---- desde la IP: 0:0:0:0:0:0:0:1
2016-06-21 18:48:53,691  INFO [http-nio-8084-exec-3] (UsuarioServiceImpl.java:1398) - LOGIN username: ---- SOME CODE ---- desde la IP: 0:0:0:0:0:0:0:1, Exitoso
2016-06-21 18:48:53,780  INFO [http-nio-8084-exec-3] (AuditListener.java:42) - AuditEvent [timestamp=Tue Jun 21 18:48:53 CDT 2016, principal=---- SOME CODE ----, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null}]
2016-06-21 18:48:53,785 DEBUG [http-nio-8084-exec-3] (CompositeSessionAuthenticationStrategy.java:81) - Delegating to org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy@51652639
2016-06-21 18:48:53,786 DEBUG [http-nio-8084-exec-3] (CompositeSessionAuthenticationStrategy.java:81) - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@47b091ee
2016-06-21 18:48:53,786 DEBUG [http-nio-8084-exec-3] (CompositeSessionAuthenticationStrategy.java:81) - Delegating to org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy@193cc507
2016-06-21 18:48:53,787 DEBUG [http-nio-8084-exec-3] (HttpSessionEventPublisher.java:66) - Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@64ab5b82]
2016-06-21 18:48:53,788 DEBUG [http-nio-8084-exec-3] (SessionRegistryImpl.java:107) - Registering session 8A4D0A8AF99E7F74D6CFCD3DDAC86522, for principal some.package.sec.AppUserDetails@4476b273: Username: ---- SOME CODE ----; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAIN_USER
2016-06-21 18:48:53,788 DEBUG [http-nio-8084-exec-3] (AbstractAuthenticationProcessingFilter.java:319) - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@2588dcdb: Principal: some.package.sec.AppUserDetails@4476b273: Username: ---- SOME CODE ----; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAIN_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_MAIN_USER
2016-06-21 18:48:53,789 DEBUG [http-nio-8084-exec-3] (HttpSessionSecurityContextRepository.java:327) - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@2588dcdb: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@2588dcdb: Principal: some.package.sec.AppUserDetails@4476b273: Username: ---- SOME CODE ----; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_MAIN_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_MAIN_USER'
2016-06-21 18:48:53,790 DEBUG [http-nio-8084-exec-3] (SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed