
Thread: Authentication Providers

  1. #1
    Join Date
    Dec 2010
    Posts
    27

    Authentication Providers

    I am currently implementing a web application using Spring Security 3.1. During the authentication process, I need to be able to do the following:

    1. Validate that the user name provided exists in a pre-existing table
    2. Check whether the user record is flagged for LDAP authentication
      1. YES: Do LDAP Authentication
      2. NO: Compare password against the password field of the user
    3. After authentication succeeds, roles/permissions/rights need to be sourced from a set of tables in a database.


    I want to use the built in LDAP support from Spring without having to write my own obviously. I also want to be able to leverage querying my database for the user domain object and all the role/permissions domain objects using Hibernate.

    How would I need to implement this? My own Authentication provider? My own user service?

  2. #2
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449


    I would write a custom AuthenticationProvider. You could probably reuse the functionality from BindAuthenticator directly and do the rest of the database access in your AuthenticationProvider class.
    Spring - by Pivotal
    twitter @tekul

  3. #3
    Join Date
    Dec 2010
    Posts
    315


    If you need to re-use the existing Spring Security support for LDAP, you can check this simple guide at http://krams915.blogspot.com/2011/01...sing-ldap.html

    Though this doesn't entirely solve your issue, it would probably give you a good start.

  4. #4
    Join Date
    Dec 2010
    Posts
    27


    So I followed Luke's advice and wrote my own custom AuthenticationProvider that extends the AbstractUserDetailsAuthenticationProvider class.

    As I understand this implementation, my retrieveUser() method is to collect and create a UserDetails derived object. So my user service which I call handles this for me and returns a custom extended UserDetails object.

    Then, in the additionalAuthenticationChecks() method, this is where I want to take the provided password and compare it against the user table if and only if the user record is to be validated against the local database. If the "ldapUser" flag is set on the user detail object, then I need to bind the user to LDAP.

    Unfortunately, I am unclear on how to use the BindAuthenticator to do this. Can someone offer some suggestions?

  5. #5
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449


    Try looking at the unit tests for BindAuthenticator.
    Spring - by Pivotal
    twitter @tekul
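
One way to wire the approach discussed in this thread, as an added example that is not code from any poster or from the Spring project. `AppUserDetails`, `isLdapUser()` and `DbOrLdapAuthenticationProvider` are hypothetical names; the `UserDetailsService` is assumed to be the Hibernate-backed service that loads the user and its roles, and the `BindAuthenticator` is assumed to be configured elsewhere with a context source and user DN patterns or a user search.

```java
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.ldap.authentication.BindAuthenticator;

/** Hypothetical UserDetails extension carrying the thread's "ldapUser" flag. */
interface AppUserDetails extends UserDetails {
    boolean isLdapUser();
}

public class DbOrLdapAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private final UserDetailsService userService;      // assumed: loads user + roles from the database
    private final BindAuthenticator bindAuthenticator; // assumed: configured with DN patterns or a search
    private final PasswordEncoder passwordEncoder;

    public DbOrLdapAuthenticationProvider(UserDetailsService userService,
            BindAuthenticator bindAuthenticator, PasswordEncoder passwordEncoder) {
        this.userService = userService;
        this.bindAuthenticator = bindAuthenticator;
        this.passwordEncoder = passwordEncoder;
    }

    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken auth)
            throws AuthenticationException {
        // Step 1: the user must exist locally (UsernameNotFoundException otherwise).
        // The authorities on the returned object end up in the authenticated token (step 3).
        return userService.loadUserByUsername(username);
    }

    @Override
    protected void additionalAuthenticationChecks(UserDetails user,
            UsernamePasswordAuthenticationToken auth) throws AuthenticationException {
        Object credentials = auth.getCredentials();
        String presented = credentials == null ? "" : credentials.toString();
        // Reject empty passwords before any bind: an LDAP server may treat a bind
        // with an empty password as an unauthenticated bind and report success.
        if (presented.isEmpty()) {
            throw new BadCredentialsException("Bad credentials");
        }
        if (user instanceof AppUserDetails && ((AppUserDetails) user).isLdapUser()) {
            // Step 2 (YES): bind as the submitted user; throws BadCredentialsException on failure.
            bindAuthenticator.authenticate(auth);
        } else if (user.getPassword() == null
                || !passwordEncoder.matches(presented, user.getPassword())) {
            // Step 2 (NO): compare against the stored password hash.
            throw new BadCredentialsException("Bad credentials");
        }
    }
}
```

Both failure paths throw the same exception type and message, so the response does not reveal whether an account is LDAP-backed or local.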
