Results 1 to 4 of 4

Thread: Gae + Spring Security 3.0.5 using datastore

  1. Aug 5th, 2011, 09:41 AM #1
    wencha
    wencha is offline Junior Member
    Join Date
    Aug 2011
    Posts
    4

    Question Gae + Spring Security 3.0.5 using datastore

    I just can't undestand how to make an authentication mechanism that goes and fetches the user's data on the datastore and compares it with the users input. I don't fully undestand how spring security framework's authentication chain works. From what I undestood I could only do this:
    securityContext.xml
    Code:
    <authentication-manager >
    	<authentication-provider ref="gaeAuthenticationProvider"/>
</authentication-manager>

<beans:bean id="gaeAuthenticationProvider" class="com.gae.app.security.DatastoreAuthenticationProvider">
    DatastoreAuthenticationProvider.java
    Code:
    public class DatastoreAuthenticationProvider implements AuthenticationProvider {
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    	// ???
    }

    public final boolean supports(Class<?> authentication) {
        // ???
    }
}
    I looked everywhere for sample code but found nothing. I looked over some implementations with Hibernate and nothing. What I only need is a full sample code or some basic explanation on how it works. I've read the reference documentation but couldn't implement it on GAE Datastore.
    The most simple example would help, there is no need to specify datastore commands just say "here goes the query" or something like that. Thanks
    Last edited by wencha; Aug 5th, 2011 at 10:16 AM.
    Reply With Quote Reply With Quote
  2. Aug 7th, 2011, 10:13 AM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    If I were you I would create a custom UserDetailsService
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
  3. Aug 10th, 2011, 09:29 AM #3
    wencha
    wencha is offline Junior Member
    Join Date
    Aug 2011
    Posts
    4

    Default

    I end up using AbstractUserDetailsAuthenticationProvider, I don't know if it is the best way but is working.

    Code:
    public class AuthenticationProvider extends AbstractUserDetailsAuthenticationProvider
{
	private SecurityDao securityDao; 

	@Override
	protected UserDetails retrieveUser(String username,
			UsernamePasswordAuthenticationToken authentication)
			throws AuthenticationException
	{
		final String password = authentication.getCredentials().toString();
		boolean isValidUser = SecurityDao.isValidUser(username, password);
		if (isValidUser)
		{
			final List<GrantedAuthorityImpl> authorities = SecurityDao.getAuthoritiesByUser(username);
			return new User(username, password, true, true, true, true, authorities);
		}
		else
		{
			authentication.setAuthenticated(false);
			throw new BadCredentialsException("Username/Password does not match for " 
				+ authentication.getPrincipal());
		}
		
	}
}
    Reply With Quote Reply With Quote
  4. Aug 19th, 2011, 03:57 AM #4
    spelhan
    spelhan is offline Junior Member
    Join Date
    Aug 2011
    Posts
    2

    Default

    Hi wencha,

    I did it in similar way. Did you maybe implement also remember-me option? I have big troubles make it work ...

    An idea how would remember-me work with wencha's implementation?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules