  • Authenticate tonr2 with a custom AuthenticationProvider against sparklr2

    I would like to authenticate the tonr2 users directly against sparklr2 (no forwarding to sparklr2!). For this I would like to use the login form at tonr2 to send the username & password to sparklr2 and authenticate the user. My idea is to create a custom AuthenticationProvider for this at tonr2.

    Is this the right way to do something like this? How should I pass the token to spring security?

    Thanks for your support/ideas,
    Last edited by adrian.hoehn; Feb 28th, 2012, 02:37 AM.

  • #2
    Sounds like a bad idea. Client apps are not supposed to collect credentials - that's the whole point of OAuth. Maybe you could explain your use case in more detail?


    • #3
      the idea is:
      a) I have a REST-backend which is secured by spring-oauth. Different clients will access it.
      b) I have a frontend which consumes the backend-REST-services.

      The frontend has no own users; the frontend sends an OAuth "password" request to the backend, and if it's successful the frontend will authorize the user. The frontend should then use the authentication token to access the backend.

      Instead of the browser client doing the handshake, the frontend server does it.

      Simulated in the browser, the frontend server will do something like this:
      1. Request

      2. Request with access_token from first request
      Finally I don't want to collect this access_token, the AuthenticationProvider should return it to the clientsession inside of a UsernamePasswordAuthenticationToken or something similar for OAuth. So that the token can be reused.

      Maybe there's a simpler way of doing this. What I don't want is that the frontend users have anything to do with the backend REST server. If they have to log in somewhere, then it should always be inside the frontend without any redirects.


      • #4
        OK. It sounds like your back-end is a pure Resource Server, and your front-end is an Authorization Server as well as a Client, in OAuth2 terms. That should work. The Sparklr2 sample is both Resource Server and Authorization Server, but you can split the two and put the Auth pieces in the client app (Tonr2 in the samples). The ResourceServerTokenServices would need access to the token information in the AuthServer - you can do that by using a shared TokenStore, for instance.

        You mentioned very briefly some "other clients". They would have to be happy to use the same Auth Server.
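The two-step flow from #3 and the split from #4, modelled in Python as an added example (it is not Spring Security OAuth code and not from the thread): the Authorization Server pieces live in the front-end and write to the same token store that the back-end Resource Server reads, so a token issued by the front-end's password grant validates at the back-end without the back-end ever seeing a password, and the browser session keeps only the token. The class names, the `/oauth/token` parameter handling, the user `alice` and the client secret are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class AccessToken:
    """Token record both servers agree on (what a Spring TokenStore row would hold)."""
    value: str
    username: str
    client_id: str
    scope: frozenset
    expires_at: float


class SharedTokenStore:
    """Stand-in for one shared TokenStore (e.g. a JdbcTokenStore on a common database):
    the Authorization Server writes tokens here, the Resource Server reads them."""

    def __init__(self):
        self._tokens = {}

    def store(self, token):
        self._tokens[token.value] = token

    def read(self, value):
        return self._tokens.get(value)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthorizationServer:
    """Authorization Server pieces hosted inside the front-end (tonr2 role).
    Only the 'password' grant is modelled, because that is the grant the thread uses."""

    def __init__(self, store, users, clients, ttl=3600):
        self.store, self.ttl, self.clients = store, ttl, clients
        # constructed sample accounts, kept salted+hashed, never in clear
        self.users = {}
        for name, pw in users.items():
            salt = secrets.token_bytes(16)
            self.users[name] = (salt, _hash_password(pw, salt))

    def token_endpoint(self, params):
        """Models POST /oauth/token with grant_type=password. Returns (status, body)."""
        if params.get("grant_type") != "password":
            return 400, {"error": "unsupported_grant_type"}
        client_id = params.get("client_id", "")
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], params.get("client_secret", "")):
            return 401, {"error": "invalid_client"}
        username, password = params.get("username", ""), params.get("password", "")
        record = self.users.get(username)
        if record is None:
            _hash_password(password, b"\x00" * 16)  # same cost for unknown users
            return 400, {"error": "invalid_grant"}
        salt, expected = record
        if not hmac.compare_digest(expected, _hash_password(password, salt)):
            return 400, {"error": "invalid_grant"}
        token = AccessToken(secrets.token_urlsafe(32), username, client_id,
                            frozenset(client["scope"]), time.time() + self.ttl)
        self.store.store(token)
        return 200, {"access_token": token.value, "token_type": "bearer", "expires_in": self.ttl}


class ResourceServer:
    """The pure Resource Server (the REST back-end): it never sees a password and
    only resolves bearer tokens through the shared store."""

    def __init__(self, store):
        self.store = store

    def handle(self, headers, required_scope="read"):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, {"error": "unauthorized"}
        token = self.store.read(auth[len("Bearer "):])
        if token is None or token.expires_at <= time.time():
            return 401, {"error": "invalid_token"}
        if required_scope not in token.scope:
            return 403, {"error": "insufficient_scope"}
        return 200, {"user": token.username, "data": "protected resource"}


class FrontEnd:
    """Front-end login form: swaps credentials for a token server-to-server (no redirect)
    and keeps only the token in the user's session."""

    def __init__(self, auth_server, resource_server, client_id, client_secret):
        self.auth_server, self.resource_server = auth_server, resource_server
        self.client_id, self.client_secret = client_id, client_secret

    def login(self, username, password):
        """Step 1 from the thread: the password grant. Returns a session dict or None."""
        status, body = self.auth_server.token_endpoint({
            "grant_type": "password", "client_id": self.client_id,
            "client_secret": self.client_secret, "username": username, "password": password})
        return None if status != 200 else {"principal": username, "access_token": body["access_token"]}

    def call_backend(self, session):
        """Step 2: reuse the session token as a bearer credential against the back-end."""
        return self.resource_server.handle({"Authorization": "Bearer " + session["access_token"]})


def demo():
    """Wire the three roles around one shared store and run both steps (constructed data)."""
    store = SharedTokenStore()
    auth = AuthorizationServer(store, users={"alice": "correct-horse"},
                               clients={"tonr2": {"secret": "constructed-secret", "scope": ["read"]}})
    front = FrontEnd(auth, ResourceServer(store), "tonr2", "constructed-secret")
    good, bad = front.login("alice", "correct-horse"), front.login("alice", "wrong")
    return good, bad, front.call_backend(good) if good else None
```

The check worth keeping in mind from #4 is in the store: a Resource Server built on a different `SharedTokenStore` instance returns 401 for a token the front-end just issued, which is exactly why the two halves must share the TokenStore (or an equivalent lookup) once the Authorization Server moves into the client app.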