Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring Security: Authorization with out Authentication

 
Sukumar Gaade
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We have a web app say 'app1' where the authentication process is external to our system (based on single sign-on with WAS 6.1) and this cannot be modified. Once the user succeeds the authentication, he gets access to 'app1' and the user credentials are loaded in the session/object, including roles.

What we are trying to achieve is to make use of this information for the authorization process of Spring Security. How to acheive this?

Thanks,
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sukumar Gaade wrote:Hi,

We have a web app say 'app1' where the authentication process is external to our system (based on single sign-on with WAS 6.1) and this cannot be modified. Once the user succeeds the authentication, he gets access to 'app1' and the user credentials are loaded in the session/object, including roles.

What we are trying to achieve is to make use of this information for the authorization process of Spring Security. How to acheive this?

Thanks,


There are UserDetailsService implementations to use Single Sign On. If one of the provided ones doesn't work for your environment, you can always implement your own UserDetailsService.

Mark
 
Sukumar Gaade
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mark,

Here is what i have in my configuration:

applicationContext.xml
-----------------------


Here is my UserDetailsServiceImpl class:
--------------------------------------


index.jsp
---------


When i access a index.jsp page a login form is presented but i do not want this instead i should be able to get the jsp page directly and depending on user roles i have set in UserDetailsServiceImpl it should display the content accordingly.

I am not sure if i going in the right direction. Could you please guide me in the right direction.

Thanks,
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So your UserDetailsService creates a UserDetails object. In your scenario your implementation of UserDetailsService should be going to the SingleSignOn information. If the sign on is done in a different app, then there should be some "rememberMe" service or Cookie that has the necessary information to get the SingleSignOn information via your UserDetailsService.

At this point, you haven't hooked into the SingleSignOn stuff, just redoing authentication in your app, which will always cause a login page to display.

Unfortunately, Spring Security does require understanding what each small object/part is responsible for, which is a bit of a learning curve. But with this design it really does make it simple to pull out a small part and customize it.

I recommend reading the Spring Security documentation a few times. Unfortunately, for all of us it takes a few reads.

Good Luck

Mark
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic