Spring 3 - Custom Security

Question

I am in the process of converting a legacy application from proprietary technology to a Spring based web app, leaving the backend system as is. The login service is provided by the backend system through a function call that takes in some parameter (username, password plus some others) and provides an output that includes the authroizations for the user and other properties like firstname, lastname etc.

What do I need to do to weave this into Spring 3.0 security module. Looks like I need to provide a custom AuthenticationProvider implementation (is this where I call the backend function?). Do I also need a custom UserDetails and UserDetailsService implementation which needs loadUserByName(String userName)?

Any pointers on good documentation for this? The reference that came with the download is okay, but doesn't help too much in terms of implementing custom security.

Answer 1

You only need to implement a UserDetailService, only when you like to make available some User details that's don't fit in the standard Spring User details class: org.springframework.security.core.userdetails.User you need to implement one for you're selves.

A good example you find here (just replace the hibernate stuff, with what ever you use for communicating with the backend).