Spring Acegi Security how can i get the password entered (j_password)

  • Spring Acegi Security how can i get the password entered (j_password)


    I'm using Acegi Security.
    I have a problem because the authentication in my company is outsourced with a WebService.
    This WS has 2 arguments: login and password.

    I would like to get the current password (sPassword in the example) into the loadByUserName(String login) method of my own class UserDetailsService, where userManagerService calls my authentication WS:
    public UserDetails loadUserByUsername(String login) {
    	logger.info("Trying to Load the User with login: " + login + " and password PROTECTED from database and LDAP directory");
    	try {
    		logger.info("Searching the user with login: " + login + " in database");
    		// sPassword is the value this question is about: it is not available in this method
    		UserMetierImpl user = userManagerService.authenticateAndHabilitate(login, sPassword);
    		logger.debug("Create User for acegi features for User with login: " + login);
    		org.acegisecurity.userdetails.User acegiUser = new org.acegisecurity.userdetails.User(login, user.getPasswordUser(), true, true, true, true, arrayAuths);
    		logger.info("user with login: " + login + " authenticated");
    		return acegiUser;
    	} catch (DataAccessException e) {
    		logger.error("Cannot retrieve Data from Database server : " + e.getMessage() + ". Authentication failed for user " + login);
    		throw new UsernameNotFoundException("user not found", e);
    	}
    }
    I don't have any access to the LDAP directory.

    Does someone know how I can do this?

    Thanks in advance,


  • #2
    As the method name already gives away you only have the username.

    Instead of using a UserService you need to write your own AuthenticationProvider instead of using the DaoAuthenticationProvider (which uses the UserDetailsService). That way you have access to the username and password.


    • #3

      You're right, I implemented my own AuthenticationProvider like this:
      import org.acegisecurity.Authentication;
      import org.acegisecurity.AuthenticationException;
      import org.acegisecurity.BadCredentialsException;
      import org.acegisecurity.providers.AuthenticationProvider;
      import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
      import org.apache.log4j.Logger;
      import mypackage.CustomUserDetails;
      import mypackage.AuthentificationException;
      import mypackage.AuthentificationService;

      public class CustomAuthenticationProvider implements AuthenticationProvider {
      	private Logger logger = Logger.getLogger(CustomAuthenticationProvider.class);
      	private AuthentificationService authentificationService = null;

      	public AuthentificationService getAuthentificationService() {
      		return authentificationService;
      	}

      	/**
      	 * Setter that allows Spring to inject the AuthentificationService implementation.
      	 * @param authentificationService
      	 *            : object (implementation of AuthentificationService interface) to
      	 *            inject.
      	 */
      	public void setAuthentificationService(AuthentificationService authentificationService) {
      		this.authentificationService = authentificationService;
      	}

      	public Authentication authenticate(Authentication auth) throws AuthenticationException {
      		// All your user authentication needs
      		logger.info("============================== Authenticate Me =========================================");
      		try {
      			logger.info("=========== CustomAuthenticationProvider authenticate - START ===============");
      			// The principal is the submitted login, the credentials are the submitted password
      			CustomUserDetails user = authentificationService.authenticateAndHabilitate((String)auth.getPrincipal(), (String)auth.getCredentials());
      			logger.info("=========== CustomAuthenticationProvider authenticate - END ===============");
      			return new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), user.getAuthorities());//AUTHORITIES
      		} catch (AuthentificationException e) {
      			logger.error("=========== CustomAuthenticationProvider - AuthentificationException ===============");
      			logger.error("Username/Password does not match for " + auth.getPrincipal());
      			throw new BadCredentialsException("Username/Password does not match for " + auth.getPrincipal());
      		}
      	}

      	public boolean supports(Class authentication) {
      		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
      	}
      }
      And it works perfectly, thank you!


      • #4
        Thanks Denis13 for your AuthenticationProvider sample.
        Can you show us your mypackage.CustomUserDetails too?
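
The question in #4 is not answered in the thread. As an added example (not Denis13's class and not part of the original posts), this is one way a `CustomUserDetails` compatible with the provider in #3 could look, assuming it implements Acegi's `UserDetails` interface; the constructor arguments, the role-name format and the choice not to retain the password are assumptions.

```java
package mypackage; // hypothetical package, matching the import shown in #3

import java.util.List;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetails;

/**
 * Hypothetical CustomUserDetails, built from the web service's answer after a
 * successful login. It deliberately never stores the cleartext password.
 */
public class CustomUserDetails implements UserDetails {
    private static final long serialVersionUID = 1L;

    private final String username;
    private final GrantedAuthority[] authorities;

    /** @param roleNames role names returned by the web service (assumed format, e.g. "ROLE_USER") */
    public CustomUserDetails(String username, List roleNames) {
        if (username == null || username.length() == 0) {
            throw new IllegalArgumentException("username is required");
        }
        this.username = username;
        this.authorities = new GrantedAuthority[roleNames.size()];
        for (int i = 0; i < roleNames.size(); i++) {
            authorities[i] = new GrantedAuthorityImpl((String) roleNames.get(i));
        }
    }

    public String getUsername() { return username; }

    // The web service has already verified the password. Returning null keeps
    // the cleartext out of the Authentication object held for the session.
    public String getPassword() { return null; }

    // Defensive copy so callers cannot alter the granted roles.
    public GrantedAuthority[] getAuthorities() {
        return (GrantedAuthority[]) authorities.clone();
    }

    // Account state is owned by the remote service; a successful call is
    // treated here as "account usable".
    public boolean isAccountNonExpired() { return true; }
    public boolean isAccountNonLocked() { return true; }
    public boolean isCredentialsNonExpired() { return true; }
    public boolean isEnabled() { return true; }
}
```

With this class, the token built in #3 carries null credentials, so the password entered as j_password is passed to the web service once and not kept afterwards.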