I am trying to follow this to incorporate spring security in the framework
http://java.dzone.com/tips/pathway-acegi-spring-security-
i hope to make a basic form based authentication, so i think this would be a great pointer.
if i am using the spring security 3 libraries, would there be any different?
which file is the authentication-manager xml would suppose to be in?
also trying this one and succeed. this one is more complete with the included file http://static.springsource.org/spring-security/site/petclinic-tutorial.html
Some time ago I've done a migration from Acegi Security to Spring Security, and I should say that it went pretty smooth, without any significant issues. So I assume that this libraries (in fact Spring Security is a latter version of Acegi) have not too much differences.
You could include you AuthenticationProvider implementation or any configuration related to a security any context configuration file. However, it's generally preferable to keep in separate Spring XML config file, which name is passed as a parameter along with name of main config file when you are creating ApplicationContext instance.
Suppose you have class MyAuthenticationProvider :
...
import org.springframework.security.providers.AuthenticationProvider;
...
public final class MyAuthenticationProvider implements AuthenticationProvider {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
...
}
}
This class is a regular Spring bean and therefore you can inject there any other bean you need, particularly DAO object which works with 'Users' table. Inside authenticate method you recieve partially initialized Authentication object. It's supposed to contain username and password. Here you could compare user credentials against database records.