
  • Variables in applicationContext-security.xml

    I am going to have multiple websites tie in with my web-app. The username and password (as well as other information) will be pulled from various databases (depending on the site that the user is coming from). I have read about PropertyPlaceholderConfigurer already and that is a wonderful thing... but I will need various properties files... maybe using the site name as part of the name.
    My dilemma is how can I access a variable, "get", "post", maybe even "session" variables within the xml file to determine which properties file needs to be read/included.

    If you need more information or any sort of clarification, just let me know.
    I want to thank everyone who can help me out beforehand.
    Any advice will be appreciated.

  • #2
    Anyone have a clue?

    Does no one have a clue how you would be able to select which properties file is used in the applicationContext-security.xml based on some other variable?
    post, get, session, something?
    I need some way of doing this, because which other website (from a determined list) a user comes from will determine the properties file that needs to be used.
    If properties files won't work, then I need some other way of changing the database connection information based on where the user comes from.


    • #3
      PropertyPlaceholderConfigurer runs once-off, at context initialisation time, so it can't do what you're trying to do. It will substitute any placeholders only once, at startup, and not every time you receive a request.

      The best course of action in my opinion would be to provide a custom Authentication/AuthenticationProcessingFilter which can interface with multiple UserDetailsService implementations.

      To start with, extend UsernamePasswordAuthenticationToken (or AbstractAuthenticationToken) and add a "domain" property to it. Then extend AuthenticationProcessingFilter (or AbstractProcessingFilter) and return an instance of your new Authentication object with the "domain" property correctly set.

      Create a new AuthenticationProvider implementation that is capable of processing the new Authentication type, which takes into account the "domain" property. You can have a map of type Map<String, UserDetailsService> which is keyed on the domain. Follow the example of DaoAuthenticationProvider. Then create one UserDetailsService per domain, each configured with a different data source. Inject the map of domains-to-UserDetailsService into your newly created AuthenticationProvider.

      Now, when a login request comes in, the AuthenticationProcessingFilter will store the username, password, and domain in a new Authentication object. Your custom AuthenticationProvider will look at it, decide which domain it belongs to, and ask the appropriate UserDetailsService to retrieve that account. You can leave the password validation to Spring Security (make sure you use the correct PasswordEncoder if you're storing encrypted passwords).
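
A sketch of the token and provider described in reply #3, added here as an example and not posted by anyone in the thread. It assumes Spring Security 2.0.x package names; `DomainAuthenticationProvider` and `DomainToken` are hypothetical names, and the custom filter is assumed to build the `DomainToken` from the login request.

```java
import java.util.Map;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
/** Added example (hypothetical class): picks the UserDetailsService by the token's domain. */
public class DomainAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    /** Hypothetical token: username, password and the site the user came from. */
    public static class DomainToken extends UsernamePasswordAuthenticationToken {
        private final String domain;
        public DomainToken(Object principal, Object credentials, String domain) {
            super(principal, credentials);
            this.domain = domain;
        }
        public String getDomain() { return domain; }
    }
    private Map<String, UserDetailsService> servicesByDomain; // injected: one entry per site
    private PasswordEncoder passwordEncoder;                  // injected: must match stored format
    public void setServicesByDomain(Map<String, UserDetailsService> m) { servicesByDomain = m; }
    public void setPasswordEncoder(PasswordEncoder e) { passwordEncoder = e; }

    public boolean supports(Class authentication) {
        return DomainToken.class.isAssignableFrom(authentication);
    }

    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken auth)
            throws AuthenticationException {
        // The domain arrives with the request, so it is only ever a lookup key
        // into the configured map; an unknown domain fails like a bad password.
        UserDetailsService service = servicesByDomain.get(((DomainToken) auth).getDomain());
        if (service == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        return service.loadUserByUsername(username);
    }

    protected void additionalAuthenticationChecks(UserDetails user,
            UsernamePasswordAuthenticationToken auth) throws AuthenticationException {
        Object presented = auth.getCredentials();
        // Salt is null here (assumption: no SaltSource is configured).
        if (presented == null
                || !passwordEncoder.isPasswordValid(user.getPassword(), presented.toString(), null)) {
            throw new BadCredentialsException("Bad credentials");
        }
    }
}
```

Because the domain is only a key into the injected map, the set of reachable data sources is fixed at context startup, which is also the only point at which PropertyPlaceholderConfigurer can supply their connection settings.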


      • #4

        Thank you very much
        I guess this isn't going to be as easy as I was hoping for.

        I will, of course, have to do some more research into exactly how to provide a custom authentication. But your advice is certainly helpful.
        I appreciate it, thanks.