Spring security with Authorization only

  • Spring security with Authorization only

    Hello everyone,

    I'm working on a new project where I need to manage user roles, and only that, because this application uses its own authentication system through web services. So the only thing I need to do is validate each user: if the user id exists in my database he can enter, otherwise he will be rejected. That means no password and no login page (that is performed by the web services), just user id validation.

    I planned to use spring security in order to work around it but I have never used spring security, that's why I need your help. Is this possible? How can I do it? Any basic example or suggestion would be great.

    Thanks in advance,

    Luis.

  • #2
    Read the docs about PreAuthentication.



    • #3
      Basic setting

      Thanks for your feedback.

      I took a look at the documentation you suggested to me and I think this should be the way to use authorization only:
      Code:
      	<security:http>
      		<security:custom-filter position="PRE_AUTH_FILTER" ref="meivFilter" />
      	</security:http>
      
      	<bean id="meivFilter"
      		class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
      		<property name="principalRequestHeader" value="USER_ID" />
      		<property name="authenticationManager" ref="authenticationManager" />
      	</bean>
      
      	<bean id="preauthAuthProvider"
      		class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
      		<property name="preAuthenticatedUserDetailsService">
      			<bean id="userDetailsServiceWrapper"
      				class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
      				<property name="userDetailsService" ref="userDetailsService" />
      			</bean>
      		</property>
      	</bean>
      
      	<security:authentication-manager alias="authenticationManager">
      		<security:authentication-provider ref="preauthAuthProvider" />
      	</security:authentication-manager>

      The authentication system will provide me with the user_id.

      But I could not figure out how to load the user roles through userDetailsService. Could you, or someone else, please give me a clue about it? I'd appreciate it because I'm stuck.

      Thanks,

      Luis.



      • #4
        Your userDetailsService implementation should load the roles. You must wrap your user into a UserDetails impl which provides the roles via authorities.



        • #5
          That's my doubt, as I mentioned before. So, I should implement UserDetailsService (UserServiceImpl implements UserDetailsService) in order to get the user detail, i.e. through a DAO from the database with his/her role, is that correct?



          • #6
            I thought you already had your own impl of UserDetailsService. What do you use as your UserDetailsService?



            • #7
              First of all, thanks for replying again.

              I don't use anything at the moment. This is the part where I get confused. I'm trying to find out how to load the user roles defined in the database using my own DAO. According to my understanding, if I implement the UserDetailsService, I will be able to get the data (the user/role data created by me) from the database and set that data in a new User object. Then I could return it (the user-role info). Is this correct? Is this the way it works? Because that's what I'm trying to do.

              I hope this helps you understand it better.

              Regards,

              Luis.



              • #8
                That's it.



                • #9
                  Take a look at the second part, which is here: http://forum.springsource.org/showth...ication-part-2
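
The UserDetailsService that posts #4 to #8 describe, as an added example that is not from the thread or from the Spring project. `UserRoleDao` and its `findRolesByUserId` method are hypothetical stand-ins for the application's own DAO, and `SimpleGrantedAuthority` and the three-argument `User` constructor assume Spring Security 3.1 or later.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Hypothetical DAO: stands in for the application's own database access. */
interface UserRoleDao {
    /** Returns the role names for a user id, or null when the id is not in the database. */
    List<String> findRolesByUserId(String userId);
}

/** Register this class as the "userDetailsService" bean that userDetailsServiceWrapper references. */
public class UserServiceImpl implements UserDetailsService {

    private final UserRoleDao userRoleDao;

    public UserServiceImpl(UserRoleDao userRoleDao) {
        this.userRoleDao = userRoleDao;
    }

    @Override
    public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException {
        // userId is the value the pre-auth filter read from the USER_ID request header.
        List<String> roles = userRoleDao.findRolesByUserId(userId);
        if (roles == null) {
            // Unknown id: authentication fails and the request stays unauthenticated.
            throw new UsernameNotFoundException("User id not found");
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roles) {
            // The default RoleVoter only considers authorities that start with "ROLE_".
            String name = role.startsWith("ROLE_") ? role : "ROLE_" + role;
            authorities.add(new SimpleGrantedAuthority(name));
        }
        // No password is checked with pre-authentication; User only requires a non-null value.
        return new User(userId, "N/A", authorities);
    }
}
```

Because RequestHeaderAuthenticationFilter trusts whatever arrives in the USER_ID header, the application should only be reachable through the component that authenticates users and sets that header.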
