tags:

views:

118

answers:

1
+1  Q: 

How to set up Spring security to authenticate signed requests?

Hi

Does spring support authentication of signed requests? (like those provided by open social Signed authorization ,i.e open social makeRequest API)

if so, how do you configure it?

Best Regards

Yaniv

+1  A: 

Based on the Spring Security site it looks like it does not support it. But nothing stops you from implementing it. You will have to implement custom AbstractProcessingFilter (just like there is a filter for CAS CasProcessingFilter, login form AuthenticationProcessingFilter and OpenId OpenIDAuthenticationProcessingFilter). You might also have to implement AuthenticationProvider and configure it similar to this:

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
    <list>
      <ref local="myAuthenticationProvider" />
    </list>
  </property>
</bean>
Georgy Bolyuba  2010-02-24 10:10:16
The current implementation of spring oauth now supports this
Yaniv Cohen  2010-08-03 17:53:50

related questions

Should unauthorized actions in the UI be hidden, disabled, or result in an error?
Porting JDBCRealm from tomcat to OC4J
Any frameworks on Authentication & Authorization for Windows Form Application?
How to design database for authorization and authentication
ASP.NET MVC Authorization
Custom Rails authentication / authorization
How to handle authorization when using NHibernate in .NET
How to allow authorization to an rss feed using ASP.NET MVC?
Security integration with arcPlan Enterprise
Best way to implement fine-grained authorization for a web application?
Authentication system for ASP.NET web applications?
User Access Checking for Rights on Particular Database Objects or Records
Authorizing REST Requests
Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?
How do you restrict access to a certain user using ASP.NET MVC?
Scalable/Reusable Authorization Model
Forms Authentication Error in WCF
What are the best-practices around resource list authorization?
Can CLIENT-CERT auth-method be used with a JDBC realm within tomcat?
Non-interactive authentication/authorization for XML-RPC?
WCF Service authorization patterns
Managing large user databases for single-signon.
Best way to handle user account authentication and passwords
Best practise to authorize all users for just one page in asp.net
Why do I get the error "Unable to update the password" when calling AzMan?