
We are using Spring 2.5. We have a common web service to authenticate users, which takes a user name and password as input and returns true or false after validating the password. How and where should we implement this web service call? Please reply. Thanks

Right now we have the following Spring configuration. We want to incorporate the web service call into it.

        <intercept-url pattern="/service/**" access="ROLE_ANONYMOUS, ROLE_LEARNER,ROLE_TRAININGADMINISTRATOR,ROLE_LMSADMINISTRATOR,ROLE_REGULATORYANALYST,ROLE_INSTRUCTOR"/>

        <logout invalidate-session="true" logout-success-url="/login.do"/>
        <anonymous />
        <http-basic />
        <remember-me />
    </http>
    <b:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <b:property name="loginFormUrl" value="/login.do"/>
        <b:property name="forceHttps" value="false" />
    </b:bean>
    <authentication-manager alias='authenticationManagerAlias'/>

    <b:bean id="myAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <b:property name="defaultTargetUrl" value="/interceptor.do"/>
        <b:property name="authenticationFailureUrl" value="/login.do"/>
        <b:property name="authenticationManager" ref="authenticationManagerAlias"/>
        <b:property name="authenticationDetailsSource" ref="vu360UserAuthenticationDetailsSource"/>
        <b:property name="alwaysUseDefaultTargetUrl" value="true"/>
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
    </b:bean>

    <b:bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <b:property name="userDetailsService" ref="userDetailsService"/>
        <b:property name="passwordEncoder" ref="passwordEncoder"/>
        <b:property name="saltSource" ref="saltSource"/>
        <custom-authentication-provider/>
    </b:bean>
    <b:bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <b:property name="userDetailsService" ref="userDetailsService"/>
        <custom-authentication-provider/>
    </b:bean>

  • I'm assuming you're using the UsernameAndPasswordAuthenticationFilter and the user is entering the username/password in a form? Can you post your current spring security configuration? Commented May 8, 2013 at 21:58

1 Answer


If you want to control the authentication yourself, you can create your own AuthenticationManager that calls the web service and inject it into the AuthenticationProcessingFilter. Here's an example custom AuthenticationManager; obviously you'll need to replace the example service call with whatever code you use to call your actual service.

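    import org.springframework.security.Authentication;
    import org.springframework.security.AuthenticationException;
    import org.springframework.security.AuthenticationManager;
    import org.springframework.security.BadCredentialsException;
    import org.springframework.security.GrantedAuthority;
    import org.springframework.security.GrantedAuthorityImpl;
    import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

    // Imports and types target Spring Security 2.0.x, matching the ui.webapp classes in the configuration.
    public class CustomWebServiceAuthenticationManager implements AuthenticationManager {

        // MyWebService is a placeholder type for your web service client; wire it in the bean definition
        private MyWebService myWebService;

        public void setMyWebService(MyWebService myWebService) { this.myWebService = myWebService; }

        public Authentication authenticate(Authentication credentials) throws AuthenticationException {
            String username = credentials.getName();
            String password = (String) credentials.getCredentials();

            // change this to your actual web service call
            boolean successfulAuthentication = myWebService.authenticate(username, password);
            if (successfulAuthentication) {
                // do whatever you need to do to get the correct roles for the user, this is just an example of giving every user the role "ROLE_LEARNER"
                GrantedAuthority[] roles = { new GrantedAuthorityImpl("ROLE_LEARNER") };
                return new UsernamePasswordAuthenticationToken(username, password, roles);
            } else {
                // AuthenticationException is abstract, so throw a concrete subclass
                throw new BadCredentialsException("Authentication failed, invalid username or password");
            }
        }
    }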

Then add the CustomWebServiceAuthenticationManager to your spring configuration and reference it in the AuthenticationProcessingFilter.

    <b:bean id="customWebServiceAuthenticationManager" class="CustomWebServiceAuthenticationManager"/>

    <b:bean id="myAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
        <b:property name="defaultTargetUrl" value="/interceptor.do"/>
        <b:property name="authenticationFailureUrl" value="/login.do"/>
        <b:property name="authenticationManager" ref="customWebServiceAuthenticationManager"/>
        <b:property name="authenticationDetailsSource" ref="vu360UserAuthenticationDetailsSource"/>
        <b:property name="alwaysUseDefaultTargetUrl" value="true"/>
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
    </b:bean>
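
As an added example (not part of the original answer and not Spring Security code), here is one way the placeholder `myWebService.authenticate(username, password)` call could be implemented so that it fails closed. The class name `CredentialCheckClient`, the form-encoded POST and the plain-text `true`/`false` response body are assumptions about the asker's service.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;

// Added example: the endpoint URL and wire format are assumptions, not from the original post.
public class CredentialCheckClient {
    private final URL endpoint;

    public CredentialCheckClient(String endpointUrl) throws IOException {
        URL url = new URL(endpointUrl);
        // Credentials must never travel in clear text: refuse anything but HTTPS.
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("credential service must use https");
        }
        this.endpoint = url;
    }

    // True only for HTTP 200 with body "true"; an IOException means the service was unavailable.
    public boolean authenticate(String username, String password) throws IOException {
        if (username == null || password == null || password.length() == 0) {
            return false; // reject empty credentials without a network call
        }
        HttpURLConnection conn = (HttpURLConnection) endpoint.openConnection();
        conn.setConnectTimeout(3000);  // bound both phases so a hung service
        conn.setReadTimeout(5000);     // cannot tie up login threads
        conn.setInstanceFollowRedirects(false); // never replay the password to another URL
        conn.setRequestMethod("POST"); // body, not query string, so it stays out of access logs
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        String body = "username=" + URLEncoder.encode(username, "UTF-8")
                + "&password=" + URLEncoder.encode(password, "UTF-8");
        try {
            OutputStream out = conn.getOutputStream();
            out.write(body.getBytes("UTF-8"));
            out.close();
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                throw new IOException("credential service returned HTTP " + conn.getResponseCode());
            }
            BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
            String answer = in.readLine();
            in.close();
            return answer != null && "true".equals(answer.trim()); // exact match only
        } finally {
            conn.disconnect();
        }
    }
}
```

In the AuthenticationManager, a `false` return maps to `BadCredentialsException` and an `IOException` to `AuthenticationServiceException`, so an outage of the service is never treated as a successful login.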
