Dec 18th, 2007, 09:24 AM
Acegi security authentication question - use different authentication providers?
We need to develop an application which accepts different ways of authenticating users:
- username/password authentication
- authentication based on a special token returned as a parameter of an HTTP request sent by another server - this means the user is authenticated on another server, which generates a secure token that our application accepts as a credential, and sends the user's browser a redirect to the application with Acegi
- authentication is performed as external SOAP call to another service
- ... etc (planned to be extended later)
From the user's point of view, the authentication looks like this:
1) the user opens the login page, then chooses the authentication type.
2) the system opens the appropriate login page for each type of authentication, which may include displaying a form of the appropriate type, redirecting the user to a special login page of a third-party application, or requesting some additional data from another service to be displayed
3) the system recognizes the user input, or handles redirects from the third-party application, or does the SOAP call etc., and recognizes the user credentials (which is a simple object holding a user ID that is unique but the same for the given user within our system - this object will be used to grant access to pages, domain objects etc.)
Whilst all of this seems not hard to implement using Spring MVC, we would like to employ Acegi at an early stage to allow further extensibility of the authentication system and to use the abilities for securing pages, recognizing roles etc. provided by Acegi.
So the question is - could somebody please point me to the interfaces we need to take a look at, and how to recognize and implement such flexible authentication, which might involve processing responses from other applications etc.?
Thank you in advance and sorry if all of this is described in the documentation - I've taken a quick look at the reference and tutorial, but didn't find anything similar to what is described above.
Dec 18th, 2007, 10:08 AM
Well, your topic title already answers it. Implement different AuthenticationProviders. However, Acegi already ships with several implementations which might be applicable for your case(s).
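As an added illustration of the reply above (not code from this thread or shipped with Acegi): a custom `AuthenticationProvider` for the external-token case, written against the Acegi 1.0 interfaces. `ExternalTokenVerifier`, `ExternalTokenAuthentication`, the `ROLE_USER` authority, and the filter that would build the token from the request parameter are all assumptions.

```java
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.acegisecurity.providers.AuthenticationProvider;

// Hypothetical: validates a token issued by the other server; returns the user ID, or null if rejected.
interface ExternalTokenVerifier {
    String verify(String token);
}

// Hypothetical Authentication type; a filter (not shown) would create it from the redirect parameter.
class ExternalTokenAuthentication extends AbstractAuthenticationToken {
    private final String token;
    private final String userId;

    ExternalTokenAuthentication(String token) {            // unauthenticated request
        super(new GrantedAuthority[0]);
        this.token = token;
        this.userId = null;
    }
    ExternalTokenAuthentication(String userId, GrantedAuthority[] authorities) {
        super(authorities);
        this.token = null;                                 // do not retain the credential after success
        this.userId = userId;
        setAuthenticated(true);
    }
    public Object getCredentials() { return token; }
    public Object getPrincipal() { return userId; }
}

public class ExternalTokenAuthenticationProvider implements AuthenticationProvider {
    private final ExternalTokenVerifier verifier;

    public ExternalTokenAuthenticationProvider(ExternalTokenVerifier verifier) { this.verifier = verifier; }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String token = (String) authentication.getCredentials();
        String userId = (token == null) ? null : verifier.verify(token);
        if (userId == null) {                              // fail closed on a missing or rejected token
            throw new BadCredentialsException("External token rejected");
        }
        return new ExternalTokenAuthentication(userId,
                new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER") }); // assumed role
    }

    // ProviderManager consults only the providers that declare support for the token class.
    public boolean supports(Class authentication) {
        return ExternalTokenAuthentication.class.isAssignableFrom(authentication);
    }
}
```

Registering this bean next to the username/password provider in the `ProviderManager`'s `providers` list lets each token type reach only the provider whose `supports()` accepts it.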
Dec 19th, 2007, 04:11 AM
Okay, however it's still unclear to me how I configure Acegi to display the initial page, which allows choosing the authentication service to use, then, depending on the user's selection, display the appropriate page, or perform some redirect to another page which does the authentication, and then handle the redirect?