Results 1 to 3 of 3

Thread: Authentication via parameters

  1. Sep 20th, 2005, 09:35 AM #1
    cesar_rodriguez_r
    cesar_rodriguez_r is offline Junior Member
    Join Date
    Sep 2005
    Posts
    11

    Default Authentication via parameters

    Hi i recently configure acegi in my application, it is good if i use form-based authentication but i have another entrance to my application which is throw parameters, inthis way :

    http://server/myapp/access.do?user=ACEDFGRGGTBHB

    this user is already authenticated in other protal which has a link to myapp so the user dosent need to authenticate again, so the portal pass me the user as a encrypted parameter, then i have to get it and authenticated it but before i have to deesencrypt it. the process:

    client portal -> user authentication -> link to myapp -> get the user (no passwords) -> desencrypt it -> authenticate it with acegi

    I dont know what do i have to implement in order to acegi dont show me the login page (is it requiered?) and i think on a provider but a provider needs user and password and it needs too a login page.

    I really dont wich is the best way to do this, can anybody help me?

    tnks
  2. Sep 20th, 2005, 06:12 PM #2
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    You'll need to write an authentication mechanism (ie extension of AbstractProcessingFilter) that listens for the entry point URL and can generate an UsernamePasswordAuthenticationToken object containing the token and pass it to the AuthenticationManager. The AuthenticationManager will then use an AuthenticationProvider that you write which can decrypt the token and return a fully formed Authentication object (inclusive of GrantedAuthority[]s). Aside from these two classes, you shouldn't need to write anything else.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security
  3. Sep 20th, 2005, 06:13 PM #3
    cesar_rodriguez_r
    cesar_rodriguez_r is offline Junior Member
    Join Date
    Sep 2005
    Posts
    11

    Default A Filter before ACEGI

    Hi i've already developed a solution for this issue, but i really dont know if it is the right way, i created another filter which is excuted for any url /*
    that lets search for an specific url and makes the procees of desencrypting then when i've already solved my login i passed this login to a form that automatically submit on load with acegi and that's all->



    Client App -> User Authentication -> link to myApp -> my own authentication filter -> desencrypt password -> acegi form -> autosubmit -> acegi authentication via DAO

    if somebody knows a best way, let me know please
« Previous Thread | Next Thread »

Similar Threads

  1. Problem: SecureContextImpl reused in subsequent session
    By jgraves in forum Security
    Replies: 2
    Last Post: Oct 13th, 2005, 02:47 PM
  2. Loosing my SecureContext
    By sklakken in forum Security
    Replies: 3
    Last Post: Jul 21st, 2005, 01:44 PM
  3. JaxRpc client side authentication.
    By ervandew in forum Security
    Replies: 3
    Last Post: May 18th, 2005, 12:00 PM
  4. Method call why not be intercepted by MethodSecurityIntercep
    By aaron8tang in forum Security
    Replies: 8
    Last Post: Dec 7th, 2004, 06:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules