Announcement Announcement Module
Collapse
No announcement yet.
Writing Custom Authentication Manager Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Writing Custom Authentication Manager

    Hi All,

    Current working Scenario which comes default from Spring :

    If I have multiple custom authentication providers and while authenticating, the providers get executed sequentially and if a particular provider able to authenticate successfully then the Authentication object will be returned from the Authenticate method in the Provider Manager.

    My Requirement :

    The Authentication Manager should not execute all the providers code , instead Only the required provider code should execute directly.
    Eg : I have DAO Authentication and LDAP Authentication providers and once the user logs in based on the userName I can determine whether he needs to be authenticated using DAO/LDAP .So I should authenticate the user directly using the respective provider i.e if the user exists in database then I should directly authenticate using DAO authentication provider and not go through the sequence of providers.

    For this requirement I have to write my own custom Authentication manager ? Is that correct ? I have tried that but what is happening internally the ProviderManager's "authenticate" method is getting called and then my custom manager "authenticate" method is called.

    Can you please let me know what is wrong in it ? I have attached my custom manager code and spring-security.xml code.I am not concerned about the login in it currently .Forgive me if its wrong. I am just wondering why the provider manager's authenticate method is calling before my custom manager's authenticate method.

    Also please let me know what care needs to be taken when implementing custom Authenticate Manager.

    Please let me know as soon as possible as I need to inform client whether its possible or not.

  • #2
    Is that your entire security config xml? I'd have to see exactly what it is firing, but I suspect for what you're attempting you don't want to use auto-config='true' (this sets up a lot of extra *magic* for you).

    But I also don't understand why you need a custom AuthenticationManager for your scenario. How are you deciding whether a user should be authenticated with DAO vs LDAP? Usually one method of authentication takes precedence over the other and people just put the providers in the corresponding order. I believe it should stop going through the providers once one of them is successful at authenticating the user.

    Comment


    • #3
      Originally posted by Talmage View Post
      Is that your entire security config xml? I'd have to see exactly what it is firing, but I suspect for what you're attempting you don't want to use auto-config='true' (this sets up a lot of extra *magic* for you).

      But I also don't understand why you need a custom AuthenticationManager for your scenario. How are you deciding whether a user should be authenticated with DAO vs LDAP? Usually one method of authentication takes precedence over the other and people just put the providers in the corresponding order. I believe it should stop going through the providers once one of them is successful at authenticating the user.
      Yes my security.xml is that much only.As you pointed out auto-config=true is doing magic. I will do a research on it and post it. Also Actually i do not want the providers to get executed sequentially as I know from the user name the user belongs to where and hence I do not want each providers code to execute.
      I am still doing a research on it .. Will email to forum if i get something .Also pls let me know if anyone finds a solution for this.

      Comment

      Working...
      X