tags:

views:

1008

answers:

5
+1  Q: 

Authenticate users with SpringSecurity using a WebService that requires a username and password

Currently I am writing a web application using Spring Security. We have a web service which authenticates users by username and password.

Web service:
String[] login(String username, String password);

How do I configure Spring Security to pass the provided username and password to the web service?

I have written a UserDetailsService which only receives a username.

A: 

The idea with UserDetailsService is that your implementation provides a UserDetails object representing the user with that username, and Spring Security handles checking the credentials.

If that kind of design doesn't work well with your backend, because you require the password as a parameter, then you might need to look at implementing your own AuthenticationProvider.

matt b  2009-07-23 12:40:53
+2  A: 

Extend org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider

/**
 * @author rodrigoap
 * 
 */
public class WebServiceUserDetailsAuthenticationProvider extends
 AbstractUserDetailsAuthenticationProvider {

  @Override
  protected UserDetails retrieveUser(String username,
  UsernamePasswordAuthenticationToken authentication)
  throws AuthenticationException {
     //Improve this line:
 String password = authentication.getCredentials().toString();
 // Invoke your webservice here
 GrantedAuthority[] grantedAuth = loginWebService.login(username, password);
 // create UserDetails. Warning: User is deprecated!
 UserDetails userDetails = new User(username, password, grantedAuth);
 return userDetails;
  }

}
rodrigoap  2009-07-23 19:04:56
+2  A: 
Stefan  2009-07-24 21:20:56
A: 

I have implemented almost identical solution but the retrieveUser() method is not firing. Do you have any suggestions?

tandem  2009-08-27 09:00:26
Did you turned off the auto-config? Does your class extend AbstractUserDetailsAuthenticationProvider? And what did you do different then my code?
Stefan  2009-08-27 13:05:08
auto-config is off. yes I extended AbstractUserDetailsAuthenticationProvider. The only think I can think is that my app is using spring webflows.
tandem  2009-08-27 13:14:59
sorted it the processing url was getting blocked by authentication
tandem  2009-09-03 13:36:12
A: 

I think the problem is with your xml. Did you turned off the auto-config? And does your class extend AbstractUserDetailsAuthenticationProvider?

Stefan  2009-08-27 13:03:11

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?