Apr 13th, 2009, 12:49 AM
Remember-Me with custom LDAP Authentication
I want to implement remember me functionality of spring security in my project. As of now, i've three input box on login screen:
1. User Name
I've custom ProcessingFilter, AuthenticationToken & AuthenticationProvider. AuthenticationProvider authenticates user request (taking all 3 input parameters) against LDAP with the help of spring-ldap. Once authenticated i fetch user roles from database (as user can be associated with more than one role) and populate it in UsernamePasswordAuthenticationToken which will be returned back from authenticate method of AuthenticationProvider.
Now i want to add one checkbox on login screen, when checked, application should remember user for next 2 weeks.
Any pointer for good documentation/tutorial??
Is there any sample code available?
Apr 15th, 2009, 04:08 AM
I searched through different forums but didn't find any solution.
Am i the only one facing this issue? i've seen similar posts, but without any resolution.
Apr 16th, 2009, 01:48 AM
Am somehow able to implement this. But the only problem i'm facing is with 'password'.
When cookie is created it uses password entered by user to create cookie.
And while authenticate against remember me service, it tries to fetch password from LDAP. But LDAP always return null for userpassword and hence it asks user to login again.
For now, i changed TokenBasedRememberMeServices and used 'xyz' as password to create cookie and am using same 'xyz' in MyAppLdapUserDetailsService to return UserDetails object. It's working but not sure if it's safe/adviceable.
Apr 16th, 2009, 04:29 AM
No, using a fixed password isn't a good idea.
You can use PersistentTokenBasedRememberMeServices as an alternative implementation.
Tags for this Thread