
  • Spring Acegi Security how can i get the password entered (j_password)

    Hi,

    I'm using the Acegi Security.
    I have a problem because the authentication in my company is outsourced with a WebService.
    This WS has 2 arguments: login and password.

    I would like to get the current password (sPassword in the example) into the loadByUserName(String login) method of my own class UserDetailsService, where userManagerService calls my authentication WS:
    Code:
    ...
    public UserDetails loadUserByUsername(String login) {
    		logger.info("Trying to Load the User with login: " + login + " and password PROTECTED from database and LDAP directory");
    		try {
    			logger.info("Searching the user with login: " + login + " in database");
    
    			UserMetierImpl user = userManagerService.authenticateAndHabilitate(login, sPassword);
    
    			...
    
    			logger.debug("Create User for acegi features for User with login: " + login);
    			org.acegisecurity.userdetails.User acegiUser = new org.acegisecurity.userdetails.User( login, user.getPasswordUser(), true, true, true, true, arrayAuths);
    			logger.info("user with login: " + login + " authenticated");
    
    			return acegiUser;
    		} catch (DataAccessException e) {
    			logger.error("Cannot retrieve Data from Database server : " + e.getMessage() + ". Authentication failed for user " + login);
    			throw new UsernameNotFoundException("user not found", e);
    		}
    	}
    I don't have any access to the LDAP directory.

    Does anyone know how I can do this?

    Thanks in advance,

    Denis

  • #2
    As the method name already gives away, you only have the username.

    Instead of using a UserService, you need to write your own AuthenticationProvider instead of using the DaoAuthenticationProvider (which uses the UserDetailsService). That way you have access to the username and password.



    • #3
      Yes

      You're right, I implemented my own AuthenticationProvider like this:
      Code:
      import org.acegisecurity.Authentication;
      import org.acegisecurity.AuthenticationException;
      import org.acegisecurity.BadCredentialsException;
      import org.acegisecurity.providers.AuthenticationProvider;
      import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
      import org.apache.log4j.Logger;
      
      import mypackage.CustomUserDetails;
      import mypackage.AuthentificationException;
      import mypackage.AuthentificationService;
      
      public class CustomAuthenticationProvider implements AuthenticationProvider {
      
      	private Logger logger = Logger.getLogger(CustomAuthenticationProvider.class);
      	
      	private AuthentificationService authentificationService = null;
      
      	public AuthentificationService getAuthentificationService() {
      		return authentificationService;
      	}

      	/**
      	 * Setter that allows Spring to inject the AuthentificationService implementation.
      	 * 
      	 * @param authentificationService
      	 *            object (implementation of the AuthentificationService interface) to
      	 *            inject.
      	 */
      	public void setAuthentificationService(AuthentificationService authentificationService) {
      		this.authentificationService = authentificationService;
      	}
      
      	public Authentication authenticate(Authentication auth) throws AuthenticationException {
      		//All your user authentication needs
      		logger.info("============================== Authenticate Me =========================================");
      
      		try {
      			logger.info("=========== CustomAuthenticationProvider authenticate - START ===============");
      			CustomUserDetails user = authentificationService.authenticateAndHabilitate((String)auth.getPrincipal(), (String)auth.getCredentials());
      			
      			logger.info("=========== CustomAuthenticationProvider authenticate - END ===============");
      			return new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());//AUTHORITIES
      			
      		} catch (AuthentificationException e) {
      			logger.error("=========== CustomAuthenticationProvider - AuthentificationException ===============");
      			logger.error("Username/Password does not match for " + auth.getPrincipal());
      			throw new BadCredentialsException("Username/Password does not match for " + auth.getPrincipal());
      		}		
      	}
      
      	@SuppressWarnings("unchecked")
      	public boolean supports(Class authentication) {
      		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
      	}
      
      }
      And it works perfectly, thank you!

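Wiring for the provider in post #3, as an added example that is not part of the original thread: it shows the ProviderManager entry that swaps DaoAuthenticationProvider for the custom provider, so the submitted password reaches the web service. The bean ids, the mypackage.CustomAuthenticationProvider location and the AuthentificationServiceImpl class are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

  <!--
    Before (for comparison): DaoAuthenticationProvider calls
    UserDetailsService.loadUserByUsername(login), which receives the
    username only, so the password cannot be forwarded to the web service.

    <bean id="daoAuthenticationProvider"
          class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="userDetailsService"/>
    </bean>
  -->

  <!-- After: ProviderManager delegates to the custom provider, whose
       authenticate(Authentication) sees both principal and credentials. -->
  <bean id="authenticationManager"
        class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref bean="customAuthenticationProvider"/>
      </list>
    </property>
  </bean>

  <!-- Assumed package for the class posted in #3. The property name matches
       its setAuthentificationService(...) setter. -->
  <bean id="customAuthenticationProvider"
        class="mypackage.CustomAuthenticationProvider">
    <property name="authentificationService" ref="authentificationService"/>
  </bean>

  <!-- Hypothetical implementation of the AuthentificationService interface
       that calls the outsourced authentication web service. -->
  <bean id="authentificationService"
        class="mypackage.AuthentificationServiceImpl"/>

</beans>
```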


      • #4
        Thanks Denis13 for your AuthenticationProvider sample.
        Can you show us your mypackage.CustomUserDetails too?
