Thread: Authentication on with two steps(screens) with Spring Security

  1. #1
    Join Date
    Feb 2011
    Posts
    7

    Authentication on with two steps(screens) with Spring Security

    Hi,

    Is it possible to do two stage authentication with Spring Security? The requirement is for the login to be done over two pages, and it is functionality that is already in place (so can't really be easily changed). The first screen will have an identification number (userName) and the user's lastName, which will then be authenticated against details in a db. The second screen will have a memorableDate and an accesCode (the password).

    We want to add Spring Security to our stack, and I've spent a good few days on this trying to find a solution. To me it seems that there's nothing available out of the box. Even if I start extending code I still need to implement the UserDetails interface which must contain the userName and password, which isn't captured on the first screen. So is Spring Security right for this task?

    Here's some stuff I found on Stack Overflow from a guy with a similar problem: http://stackoverflow.com/questions/6...pring-web-flow. He's considered using Spring webflow for the two screens or using a kind of 'semi-authenticated' ROLE.



    Any help would be greatly appreciated.
    Last edited by Bagua; Jan 22nd, 2012 at 05:09 AM.

  2. #2
    Join Date
    Nov 2006
    Location
    London, UK and Tallinn, Estonia
    Posts
    55

    It's certainly possible, we use Spring Security and Webflow for just this purpose in our platform. Our implementation goes something like this:

    1. User is prompted to enter his username (Page 1)
    2. We display his/her "Siteseal" (basically a form of mutual authentication to prevent phishing) (Page 2)
    3. We prompt the user to enter his password and two factor token password (Page 2)


    We use Webflow to handle the login flow and map the spring security login-page to this:
    Code:
    <security:form-login login-page="/login" />
    We then programmatically authenticate the user within the flow:

    Code:
    SecurityContextHolder.getContext().setAuthentication(auth);
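
Added example, not part of the original posts or the poster's platform: one way to perform the programmatic authentication described in post #2 once both screens have been verified, keeping the half-finished login as plain session state and rotating the session before the security context is set. It assumes the `javax.servlet` API with Spring Security 3.x to 5.x; the class `TwoStepLogin`, its methods, the `PENDING_USER` key and the `ROLE_USER` authority are hypothetical.

```java
import java.util.List;
import javax.servlet.http.*;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical helper called by the login flow; not the poster's code.
public class TwoStepLogin {
    static final String PENDING_USER = "twoStep.pendingUser"; // hypothetical session key
    private final SessionFixationProtectionStrategy sessionStrategy =
            new SessionFixationProtectionStrategy();

    /** Screen 1 passed (identifier + last name matched). Nothing is authenticated yet. */
    public void stepOnePassed(HttpServletRequest request, String userName) {
        request.getSession(true).setAttribute(PENDING_USER, userName);
    }

    /** Screen 2 passed: call only after the second-screen secrets were verified. */
    public Authentication stepTwoPassed(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession(false);
        String userName = session == null ? null : (String) session.getAttribute(PENDING_USER);
        if (userName == null) {
            // Screen 2 was requested directly; refuse instead of authenticating nobody.
            throw new IllegalStateException("step 2 reached without a completed step 1");
        }
        session.removeAttribute(PENDING_USER); // the pending marker is single use

        // The three-argument constructor yields an already-authenticated token.
        List<GrantedAuthority> roles = AuthorityUtils.createAuthorityList("ROLE_USER");
        Authentication auth = new UsernamePasswordAuthenticationToken(userName, null, roles);

        // No authentication filter runs here, so apply session-fixation protection by hand.
        // The strategy creates a new session and migrates the existing attributes into it.
        sessionStrategy.onAuthentication(auth, request, response);

        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);
        // Store the context explicitly so later requests in this session see the login.
        request.getSession(true).setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
        return auth;
    }
}
```

Until `stepTwoPassed` returns, the session holds only the pending user name and no `Authentication`, so URLs protected by role checks stay closed to a user who has completed just the first screen.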

  3. #3
    Join Date
    Feb 2011
    Posts
    7

    Thanks for the reply thobson. It does make absolute sense to make it a webflow. I've parked it for a while to do some other work, but I'll try it again within the next week or so and update the thread with the result.
