Announcement Announcement Module
Collapse
No announcement yet.
Spring Security with Cookie based authentication and Java Config Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security with Cookie based authentication and Java Config

    I am using Spring Security and would like to use Cookie based authentication totally, i.e., no use of Http Session. In addition, I am using LDAP for the authentication as shown below:
    Code:
    <beans>
       	....
    	<authentication-manager>
    	  <authentication-provider>
    	  	<ldap-user-service user-search-filter="uid={0}"  user-search-base="ou=users"
               group-search-filter="(uniqueMember={0})"
               group-search-base="ou=groups"
               group-role-attribute="cn"
               role-prefix="ROLE_"/>
    	 </authentication-provider>
    	</authentication-manager>
    	
    	<http auto-config="true" create-session="stateless">
    		<intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/logoutSuccess*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/*" access="ROLE_USER" />
    
    		<!-- Override default login and logout pages -->
    		<form-login login-page="/login.html" always-use-default-target="true"
    			default-target-url="/home.html" authentication-failure-url="/login.html?login_error=1" />
    		<logout logout-url="/logout" logout-success-url="/logoutSuccess.html" />
    	</http>
    </beans>
    I am also using form based authentication and not basic or digest. With the above, when the user logs in successfully, on the redirect they are not considered logged in due to the statelessness of the session and are re-directed back to the login page. I am hoping to add a filter that can check the presence of a Cookie and if present, use the information in it to proceed with authorization and direction to the welcome page.

    I was wondering how the same can be done and what one would need to accomplish the same? An example would be appreciated :-)

    In addition, if one wishes to use Java Config instead of XML, how does one configure <http> element? I know that one can import parts of an XML resource but I was hoping to not do the same.

    Thanks in advance for any help.
Working...
X