Results 1 to 4 of 4

Thread: Spring Acegi Security how can i get the password entered (j_password)

Hybrid View

  1. May 23rd, 2011, 02:38 AM #1
    denis13
    denis13 is offline Junior Member
    Join Date
    May 2011
    Posts
    2

    Unhappy Spring Acegi Security how can i get the password entered (j_password)

    Hi,

    I'm using the Acegi Security.
    I have a problem because the authentification in my company is outsourced with a WebService.
    This WS have 2 arguments : login and password.

    I would like to get the current password (sPassword in the example) into the loadByUserName(String login) method of my own class UserDetailsService, where userManagerService call my authentification WS :
    Code:
    ...
public UserDetails loadUserByUsername(String login) {
		logger.info("Trying to Load the User with login: " + login + " and password PROTECTED from database and LDAP directory");
		try {
			logger.info("Searching the user with login: " + login + " in database");

			UserMetierImpl user = userManagerService.authenticateAndHabilitate(login, sPassword);

			...

			logger.debug("Create User for acegi features for User with login: " + login);
			org.acegisecurity.userdetails.User acegiUser = new org.acegisecurity.userdetails.User( login, user.getPasswordUser(), true, true, true, true, arrayAuths);
			logger.info("user with login: " + login + " authenticated");

			return acegiUser;
		} catch (DataAccessException e) {
			logger.error("Cannot retrieve Data from Database server : " + e.getMessage() + ". Authentication failed for user " + login);
			throw new UsernameNotFoundException("user not found", e);
		}
	}
    I don't have any access to the LDAP directory.

    Someone know how can I do ?

    Thanks in advance,

    Denis
    Reply With Quote Reply With Quote
  2. May 23rd, 2011, 03:18 AM #2
    Marten Deinum
    Marten Deinum is offline Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,624

    Default

    As the method name already gives away you only have the username.

    Instead of using a UserService you need to write your own AuthenticationProvider instead of using the DaoAuthenticationProvider (which uses the UserDetailsService). That way you have access to the username and password.
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
    Reply With Quote Reply With Quote
  3. May 24th, 2011, 10:16 AM #3
    denis13
    denis13 is offline Junior Member
    Join Date
    May 2011
    Posts
    2

    Cool YEs

    You're right i implements my own AuthenticationProvider like that :
    Code:
    import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.log4j.Logger;

import mypackage.CustomUserDetails;
import mypackage.AuthentificationException;
import mypackage.AuthentificationService;

public class CustomAuthenticationProvider implements AuthenticationProvider {

	private Logger logger = Logger.getLogger(CustomAuthenticationProvider.class);
	
	private AuthentificationService authentificationService = null;

	/**
	 * setter to allows spring to inject AuthentificationService implementation
	 * 
	 * @param authentificationService
	 *            : object (implementation of AuthentificationService interface) to
	 *            inject.
	 */
	public AuthentificationService getAuthentificationService() {
		return authentificationService;
	}
	public void setAuthentificationService(AuthentificationService authentificationService) {
		this.authentificationService = authentificationService;
	}

	public Authentication authenticate(Authentication auth) throws AuthenticationException {
		//All your user authentication needs
		logger.info("============================== Authenticate Me =========================================");

		try {
			logger.info("=========== CustomAuthenticationProvider authenticate - START ===============");
			CustomUserDetails user = authentificationService.authenticateAndHabilitate((String)auth.getPrincipal(), (String)auth.getCredentials());
			
			logger.info("=========== CustomAuthenticationProvider authenticate - END ===============");
			return new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());//AUTHORITIES
			
		} catch (AuthentificationException e) {
			logger.error("=========== CustomAuthenticationProvider - AuthentificationException ===============");
			logger.error("Username/Password does not match for " + auth.getPrincipal());
			throw new BadCredentialsException("Username/Password does not match for " + auth.getPrincipal());
		}		
	}

	@SuppressWarnings("unchecked")
	public boolean supports(Class authentication) {
		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
	}

}
    And it works perfectly thank you !
    Reply With Quote Reply With Quote
  4. Jan 3rd, 2012, 09:59 AM #4
    m@rc
    m@rc is offline Junior Member
    Join Date
    Jan 2012
    Posts
    1

    Default

    Thanks Denis13 for your AuthenticationProvider sample.
    Can you show us your mypackage.CustomUserDetails too ?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules