spring security 3 login programmatically

Question

I'm creating a REST web service using spring and i need to implement login/logout functions in it. The url for the functions should be something like .../api/login and .../api/logout. The username and password will be past using a POST method.

I have a services layer below the REST web service. In the service layer i have the "login" and "logout" functions' code. I want to use spring security to save the logged in user in the context of spring. I found several answers but nothing gives a complete example of how to do it. I also wonder what's the state-of-the-art way of doing this custom authentication with spring security (without using any login form, just programmatic login/logout).

Thanks !

Answer 1

Hi,

The best way is to plugin your authentication implementation into spring security. You can do it by register your own "authentication provider" into spring security.

For example:

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
        <list>
            <ref local="myAuthenticationProvider"/>
        </list>
    </property>
</bean>

<bean id="myAuthenticationProvider" class="org.my.web.restapi.authentication.MyAuthenticationProvider"/>

Another thing - I know it's a time consumer, but after reading "Spring security reference" you will definitely get the "big picture" :-): http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html