Announcement Announcement Module
Collapse
No announcement yet.
Gae + Spring Security 3.0.5 using datastore Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gae + Spring Security 3.0.5 using datastore

    I just can't undestand how to make an authentication mechanism that goes and fetches the user's data on the datastore and compares it with the users input. I don't fully undestand how spring security framework's authentication chain works. From what I undestood I could only do this:
    securityContext.xml
    Code:
    <authentication-manager >
        	<authentication-provider ref="gaeAuthenticationProvider"/>
    </authentication-manager>
    
    <beans:bean id="gaeAuthenticationProvider" class="com.gae.app.security.DatastoreAuthenticationProvider">
    DatastoreAuthenticationProvider.java
    Code:
    public class DatastoreAuthenticationProvider implements AuthenticationProvider {
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        	// ???
        }
    
        public final boolean supports(Class<?> authentication) {
            // ???
        }
    }
    I looked everywhere for sample code but found nothing. I looked over some implementations with Hibernate and nothing. What I only need is a full sample code or some basic explanation on how it works. I've read the reference documentation but couldn't implement it on GAE Datastore.
    The most simple example would help, there is no need to specify datastore commands just say "here goes the query" or something like that. Thanks
    Last edited by wencha; Aug 5th, 2011, 11:16 AM.

  • #2
    If I were you I would create a custom UserDetailsService

    Comment


    • #3
      I end up using AbstractUserDetailsAuthenticationProvider, I don't know if it is the best way but is working.

      Code:
      public class AuthenticationProvider extends AbstractUserDetailsAuthenticationProvider
      {
      	private SecurityDao securityDao; 
      
      	@Override
      	protected UserDetails retrieveUser(String username,
      			UsernamePasswordAuthenticationToken authentication)
      			throws AuthenticationException
      	{
      		final String password = authentication.getCredentials().toString();
      		boolean isValidUser = SecurityDao.isValidUser(username, password);
      		if (isValidUser)
      		{
      			final List<GrantedAuthorityImpl> authorities = SecurityDao.getAuthoritiesByUser(username);
      			return new User(username, password, true, true, true, true, authorities);
      		}
      		else
      		{
      			authentication.setAuthenticated(false);
      			throw new BadCredentialsException("Username/Password does not match for " 
      				+ authentication.getPrincipal());
      		}
      		
      	}
      }

      Comment


      • #4
        Hi wencha,

        I did it in similar way. Did you maybe implement also remember-me option? I have big troubles make it work ...

        An idea how would remember-me work with wencha's implementation?

        Comment

        Working...
        X