Hi all,
I'm basically after some advice on the best way to do custom authentication.
We're just starting out with Spring, and we intend to write services that are secured using Spring's security framework. The authentication is performed against a mainframe via a SOAP call.
As a test I built the sample MVC app and managed to secure the pages using basic HTTP authentication and a custom AuthenticationProvider. This provider calls the mainframe and constructs a custom Authentication object, which is called MainframeAuthenticationToken. This contains a 'user' object which is nothing to do with Spring Security - it's just a class that holds data from the mainframe about the user (we need this to hold the rather complex authorisation records returned by the m/f).
Anyway, this all works fine and I can get the user's name displayed in a JSP doing this:
Code:
    String name = null;
    // The custom provider puts a MainframeAuthenticationToken in the security context
    Object obj = SecurityContextHolder.getContext().getAuthentication();
    if (obj instanceof MainframeAuthenticationToken) {
        MainframeAuthenticationToken token = (MainframeAuthenticationToken) obj;
        // Mainframe-supplied user data carried inside the token
        DdsSpringUser user = token.getUser();
        name = String.format("%s %s", user.getFirstName(), user.getLastName());
        LOG.debug("Serving page for user " + name);
    }
    return new ModelAndView("hello", "name", name);
My problem is that, now I'm reading the documentation in more depth, I'm worried that I haven't done anything with UserDetails and UserDetailsService - I'm concerned that I've missed Something Important.
Specifically, I want to change HTTP basic authentication for digest authentication, and that seems to require it, e.g. from the manual: "The configured UserDetailsService is needed because DigestProcessingFilter must have direct access to the clear text password of a user".
If you've read this far, many thanks. I've only been looking at Spring for a few days so any pointers or tips are much appreciated!
Cheers, john
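
The manual sentence quoted in the post follows from how a digest response is checked. As an added example (not part of the original post and not Spring Security code), the sketch below recomputes the response for the worked request in RFC 2617; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical demo class, not Spring Security code.
public class DigestResponseCheck {

    // Lower-case hex MD5, the hash RFC 2617 digest authentication is built on.
    static String md5Hex(String s) throws Exception {
        byte[] hash = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // The value the server has to recompute for a qop=auth request.
    // Note that the password (or HA1 derived from it) is an input.
    static String expectedResponse(String user, String realm, String password,
                                   String method, String uri, String nonce,
                                   String nc, String cnonce) throws Exception {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Constant-time comparison of the recomputed value with what the client sent.
    static boolean matches(String expected, String received) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Request fields from the worked example in RFC 2617; the client sends
        // all of these except the password.
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String received = "6629fae49393a05397450978507c4ef1";

        String good = expectedResponse("Mufasa", "testrealm@host.com", "Circle Of Life",
                "GET", "/dir/index.html", nonce, "00000001", "0a4f113b");
        String bad = expectedResponse("Mufasa", "testrealm@host.com", "wrong guess",
                "GET", "/dir/index.html", nonce, "00000001", "0a4f113b");

        System.out.println("correct stored password verifies: " + matches(good, received));
        System.out.println("wrong stored password verifies:   " + matches(bad, received));
    }
}
```

With basic authentication the password itself reaches the server and can be forwarded to a back end for checking; with digest only `received` arrives, so the server side has to hold the password or the HA1 hash to recompute it.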



