Announcement Announcement Module
Collapse
No announcement yet.
Is there possibility to use Spring Security without it's authentification mechanism? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is there possibility to use Spring Security without it's authentification mechanism?

    I only need to secure URLs and methods.

    My application has own difficult authentification method, and I can simply set the SecurityContext in this method:

    Code:
    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), authorities));
    Securing methods I guess is possible with such configurations:

    Code:
    <b:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
             <filter-chain-map path-type="ant">
                <filter-chain pattern="/**" filters="securityContextPersistenceFilter"/>
            </filter-chain-map>
        </b:bean>
    
        <b:bean id="securityContextPersistenceFilter"
    class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
    (Without any other filters.)

    But is there possibility to secure URLs without AuthenticationManager?

  • #2
    Sure, you could do this, but at that point, what value is Spring Security bringing vs just writing your own SecurityContextHolder etc.?

    Are you handling login, logout, redirect, and all the other security stuff yourself also?

    Comment


    • #3
      Originally posted by pmularien View Post
      Sure, you could do this, but at that point, what value is Spring Security bringing vs just writing your own SecurityContextHolder etc.?
      As I mentioned earlier, I want only simple mechanism for seruring URLs and methods.

      Are you handling login, logout, redirect, and all the other security stuff yourself also?
      I handle login, logout myself.

      I guess AuthenticationManager is used only for login? Or I mistake?
      Last edited by kostepanych; Jan 17th, 2011, 06:58 AM.

      Comment


      • #4
        It sounds like you are already handling all of your authentication needs already and just want to use Spring Security for authorization. If this is the case, you might consider looking at the PreAuthentication Scenarios.

        Comment

        Working...
        X