
  • How to authenticate via another object

    Hi Ben:
    I have been using Acegi for the past two days. Here is what I would like to do. I have an object called Userstore which holds all the user information. The API I have with Userstore is boolean athenticate(String username, String password). I would like to use Acegi to do the authentication without too much change to the Userstore. In other words, I would like Userstore to operate without knowledge of Acegi. Only Acegi is sending information to get the Userstore and use its API. There are methods inside Userstore, like constructors, so I can get a good Userstore to start with.
    Anyway, I am taking a baby-steps approach, so eventually I would like to use CAS to talk to the Userstore. Can I get some help on this, please?

  • #2
    At minimum your Authentication object needs to hold username, password, and GrantedAuthority[]s. I can see where the former two would come from with your Userstore, but what about GrantedAuthority[]s?

    The easier approach is undoubtedly to not use Userstore at all, and write an AuthenticationDao implementation that sources the authentication data from the same backend location as your Userstore would use. An AuthenticationDao has a single method, is very easy to write, and will deliver you good compatibility with whatever you decide to do in the future (e.g. move to CAS).

    If you have strong reasons to use Userstore, you'll need to write an AuthenticationProvider that communicates with it. The AuthenticationProvider will unwrap Authentication requests, present them to Userstore, receive the Userstore response, and create a response Authentication object to return to the caller. As you can see, it's a lot more work than the minor persistence-related code of an AuthenticationDao.


    • #3
      I still need help

      Well, thanks Ben. I guess I need to be much more clear about the userstore. It is an essential component of the program, yet it is done through Spring; as you can see, it is an object that hides all the implementation from the user. From my view, a userstore is an object that can give me access to the data I need, and thus the authentication can be done. You can think of this userstore as an independent POJO. I am writing a userstoreauthenticationDaoImp, which has the userstore inside. What I have trouble with is the GrantedAuthority[].

      import org.springframework.dao.DataAccessException;

      import net.sf.acegisecurity.GrantedAuthority;
      import net.sf.acegisecurity.UserDetails;
      import net.sf.acegisecurity.providers.dao.AuthenticationDao;
      import net.sf.acegisecurity.providers.dao.User;
      import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;

      /**
       * Created on Jan 3, 2005
       * @author Richard N. Sang
       * @Company CompHealth Group
       * TODO To change the template for this generated file go to
       * Window - Preferences - Java - Code Generation - Code and Comments
       */
      public class UserStoreAuthenticationDaoImp implements AuthenticationDao {
          private userstoremock userstore;

          public UserStoreAuthenticationDaoImp() {
              userstoremock userstore = new userstoremock();
          }

          public void setUserStoreAuthneicationDaoImp(userstoremock userstore) {
              this.userstore = userstore;
          }

          public UserDetails loadUserByUsername(String arg0)
                  throws UsernameNotFoundException, DataAccessException {
              userstore = new userstoremock();
              userMock user = userstore.findUser(arg0);
              if (user != null) {
                  User detail = new User(user.getUserName(), user.getUserPassword(), false, new GrantedAuthority[1]);
                  return detail;
              }
              return null;
          }
      }


      For some reason, I can't get the userdetail set up correctly; can I get some help there?
      I believe if I finish this implementation, I can get the userstore to work. I wonder how the User constructor works, or whether there is another way to init it.
      Thanks, Ben


      • #4
        Your GrantedAuthority[]s are typically GrantedAuthorityImpl objects.

        The GrantedAuthority[]s get passed to the AccessDecisionManager, so it can decide whether the principal has the required authorities to call a secure object.

        Typically you implement a separate database table to hold your authorities, such as shown in the sample schema at You can normalise it a little better, into say a USER and AUTHORITY table, plus a USER-AUTHORITY link table. Your DAO implementation would typically create a GrantedAuthorityImpl instance for each matching row in AUTHORITY.
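
A sketch of the DAO approach the replies describe, written as an added example (not code from the thread or from the Acegi project): one GrantedAuthorityImpl is built per authority row, and the lookup fails closed when the user or its authorities are missing. The UserLookup and StoredUser interfaces and the findAuthorityNames method are hypothetical stand-ins for the Userstore; only findUser and the two getters appear in the thread, and the four-argument User constructor is the one used in the post above.

```java
import java.util.List;

import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.AuthenticationDao;
import net.sf.acegisecurity.providers.dao.User;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import org.springframework.dao.DataAccessException;

public class UserStoreAuthenticationDao implements AuthenticationDao {
    /** Hypothetical view of the Userstore; only findUser() appears in the thread. */
    public interface UserLookup {
        StoredUser findUser(String username);      // returns null when unknown
        List findAuthorityNames(String username);  // assumed: one String per AUTHORITY row
    }
    /** Hypothetical user record, mirroring the getters used in the thread. */
    public interface StoredUser {
        String getUserName();
        String getUserPassword();
    }

    private UserLookup userStore;

    // Injected by Spring, so the Userstore itself never references Acegi.
    public void setUserStore(UserLookup userStore) {
        this.userStore = userStore;
    }

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        StoredUser user = userStore.findUser(username);
        if (user == null) {
            // Signal an unknown user through the declared exception, not a null return.
            throw new UsernameNotFoundException("User not found");
        }
        List names = userStore.findAuthorityNames(username);
        if (names == null || names.isEmpty()) {
            // Fail closed: never hand back an array with null or missing authorities.
            throw new UsernameNotFoundException("User has no GrantedAuthority");
        }
        GrantedAuthority[] authorities = new GrantedAuthority[names.size()];
        for (int i = 0; i < authorities.length; i++) {
            authorities[i] = new GrantedAuthorityImpl((String) names.get(i));
        }
        // enabled=true is an assumption: every stored user is treated as active.
        return new User(user.getUserName(), user.getUserPassword(), true, authorities);
    }
}
```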