Which class implement the validation of the authentication

[nretrain]

Hi,

I would create a web app using Spring Security. Basics are working well, but the next step is more difficult.

Now I want Spring Security works with another application. Spring Security still catches the login and password, then sends them to the second application and wait for its response (true or false) to know if the user is accepted or not.

I have been searching long time to know which security classes I have to implement/extend to make it working, but I am a bit lost. Does anyone know the answer?

Thanks

Nico R.

[arthomps]

Hi,

I would create a web app using Spring Security. Basics are working well, but the next step is more difficult.

Now I want Spring Security works with another application. Spring Security still catches the login and password, then sends them to the second application and wait for its response (true or false) to know if the user is accepted or not.

I have been searching long time to know which security classes I have to implement/extend to make it working, but I am a bit lost. Does anyone know the answer?

Thanks

Nico R.

You would implement your own implementation of AuthenticationProvider.

That said, you might consider existing implementations of Single Sign On before proceeding. What you're proposing is non trivial to do in a secure manner.