Jan 29th, 2011, 11:02 PM
I am currently implementing a web application using Spring Security 3.1. During the authentication process, I need to be able to do the following:
- Validate that the user name provided exists in a pre-existing table
- Check whether the user record is flagged for LDAP authentication
  - YES: Do LDAP Authentication
  - NO: Compare password against the password field of the user
- After authentication succeeds, roles/permissions/rights need to be sourced from a set of tables in a database.
I want to use the built-in LDAP support from Spring without having to write my own, obviously. I also want to be able to leverage querying my database for the user domain object and all the role/permissions domain objects using Hibernate.
How would I need to implement this? My own Authentication provider? My own user service?
Jan 30th, 2011, 06:24 AM
I would write a custom AuthenticationProvider. You could probably reuse the functionality from BindAuthenticator directly and do the rest of the database access in your AuthenticationProvider class.
Jan 30th, 2011, 08:05 AM
If you need to re-use the existing Spring Security support for LDAP, you can check this simple guide at http://krams915.blogspot.com/2011/01...sing-ldap.html
Though this doesn't entirely solve your issue, this would probably give you a good start.
Feb 8th, 2011, 12:09 PM
So I followed Luke's advice and wrote my own custom AuthenticationProvider that extends the AbstractUserDetailsAuthenticationProvider class.
As I understand this implementation, my retrieveUser() method is to collect and create a UserDetails derived object. So my user service which I call handles this for me and returns a custom extended UserDetails object.
Then in the additionalAuthenticationChecks() method, this is where I want to take the provided password and compare it against the user table if and only if the user record is to be validated against the local database. If the "ldapUser" flag is set on the user detail object, then I need to bind the user to LDAP.
Unfortunately, I am unclear on how to use the BindAuthenticator to do this. Can someone offer some suggestions?
Feb 9th, 2011, 09:54 AM
Try looking at the unit tests for BindAuthenticator.