Announcement Announcement Module
No announcement yet.
User Authentication with LDAP and remoting approach Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • User Authentication with LDAP and remoting approach

    We are designing an application that utilizes a thick client that communicates with a service tier via spring remoting. I have a requirement where I need to authenticate a user the first time he/she logs into the client. I use spring security to set up an authentication provider via LDAP.
    <ldap-server root="dc=springframework,dc=org"/>
        <ldap-authentication-provider user-dn-pattern="uid={0},ou=people" />
        <authentication-manager alias="authenticationManager" />
    My strategy was to create an authentication service that has the authentication manager injected into it where I do the authentication and then try to put it into the security context:

    Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(userid, password));
    SecurityContext sc = SecurityContextHolder.getContext();
    I have read forums and documentation. Am I correct in assuming that the security context is maintained and instantiated by the container? I am not using any kind of filtering at my web.xml because I don't want every request authenticated, just the first time and then maintain if for the entire session. How do I maintain the security context when I am using spring remoting. I would appreciate some input on my strategy.

    Thanks folks,