• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

Security - authorization without authentication

 
Ranch Hand
Posts: 79
Eclipse IDE Spring Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I need to do authorization only using spring security - authentication is taken care of already.
While there is little inputs on same I found - no clear guidelines I could trace.
Any help is appreciated.

Thanks.
 
Ranch Hand
Posts: 148
Hibernate Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

The link has a good explanation about spring user security(both Authentication and Authorization)

Although its given with JSF,hope this will help in getting your work done.

Thanks

 
Rohit Mehta
Ranch Hand
Posts: 79
Eclipse IDE Spring Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Vijay, this is helpful; but I am looking something closer to Spring MVC - & only for Authorization.
 
author
Posts: 422
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

The question I'd have for you is: How is authentication performed for you already?

In a basic Spring Security scenario, Spring Security handles both authentication and authorization. But there are other cases where Spring Security delegates to something else for authentication. OpenID and CAS are a few examples of this. In those cases, Spring Security still participates in authentication (as if it were going to do the authentication itself), but ultimate hands off to something else to do the actual authentication.

Upon return from the actual authentication, Spring Security may be given a token or perhaps some identifying information about the user. It uses that to lookup authorization data for the user which it uses to enforce authorization rules.

I don't know the specifics of how security is already handled in your case. If it's not something that Spring Security already provides support for, I'd bet it's not hard to write an authentication provider implementation to plug your authentication mechanism into Spring Security. But again...I don't know the details of your authentication mechanism. I'd encourage you to look at how Spring Security's OpenID and CAS support is implemented to draw inspiration.
 
Rohit Mehta
Ranch Hand
Posts: 79
Eclipse IDE Spring Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is something which might interest you, as we are trying to do this with OSGI bundles.. though with blurred lines.

Its a hybrid sort of architecture, the authentication process has been placed within a bundle which returning an authToken (of type - org.springframework.security.Authentication)
Now as this is working, we need to place just authorization - which I feel must go outside bundle - within spring MVC.
Thus I need to know how to authorize it & what are my options.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why don't you try using pre-authentication filter.
something like this was already posted here:
http://forum.spring.io/forum/spring-projects/security/89136-need-help-on-spring-security-authorization-without-authentication
reply
    Bookmark Topic Watch Topic
  • New Topic