Authenticate to spring security core using a service?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Authenticate to spring security core using a service?

Sebastien ARBOGAST
I'm studying the integration of Grails, Vaadin and
Spring-Security-Core for authentication and I figured that the
simplest mechanism would be to inject a service into my Vaadin
application (using getBean()) that simply does what authentication
filters do but without going through them.
I thought there would be such a method in SpringSecurityService but I
could only find methods to know more about current authentication,
nothing to authenticate a username/password.
Is there such a service somewhere in the plugin or elsewhere that I could reuse?
I tried to navigate the source code of Spring Security to see what the
filters were doing but it seems very complex to me with a lot of
options I don't need.
What is the best way to do it?

---
Sébastien Arbogast
http://about.me/sebastienarbogast/bio

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authenticate to spring security core using a service?

burtbeckwith
See SpringSecurityService.reauthenticate() and SpringSecurityUtils.reauthenticate(). It's intended to be used to rebuild the current authentication after making a change, but can be used to programmatically authenticate.

Burt

> I'm studying the integration of Grails, Vaadin and
> Spring-Security-Core for authentication and I figured that the
> simplest mechanism would be to inject a service into my Vaadin
> application (using getBean()) that simply does what authentication
> filters do but without going through them.
> I thought there would be such a method in SpringSecurityService but I
> could only find methods to know more about current authentication,
> nothing to authenticate a username/password.
> Is there such a service somewhere in the plugin or elsewhere that I could reuse?
> I tried to navigate the source code of Spring Security to see what the
> filters were doing but it seems very complex to me with a lot of
> options I don't need.
> What is the best way to do it?
>
> ---
> Sébastien Arbogast
> http://about.me/sebastienarbogast/bio

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authenticate to spring security core using a service?

Sebastien ARBOGAST
My mistake. I was so looking for authenticate that I completely missed
reauthenticate :oP
Thanks a lot.

---
Sébastien Arbogast
http://about.me/sebastienarbogast/bio




2011/2/19 Burt Beckwith <[hidden email]>:

> See SpringSecurityService.reauthenticate() and SpringSecurityUtils.reauthenticate(). It's intended to be used to rebuild the current authentication after making a change, but can be used to programmatically authenticate.
>
> Burt
>
>> I'm studying the integration of Grails, Vaadin and
>> Spring-Security-Core for authentication and I figured that the
>> simplest mechanism would be to inject a service into my Vaadin
>> application (using getBean()) that simply does what authentication
>> filters do but without going through them.
>> I thought there would be such a method in SpringSecurityService but I
>> could only find methods to know more about current authentication,
>> nothing to authenticate a username/password.
>> Is there such a service somewhere in the plugin or elsewhere that I could reuse?
>> I tried to navigate the source code of Spring Security to see what the
>> filters were doing but it seems very complex to me with a lot of
>> options I don't need.
>> What is the best way to do it?
>>
>> ---
>> Sébastien Arbogast
>> http://about.me/sebastienarbogast/bio
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authenticate to spring security core using a service?

Sebastien ARBOGAST
Am I mistaking again or reauthenticate does not check the password? It
seems that it just sets the Authentication in SecurityContextHolder

In addition to that, correct me if I'm wrong but SecurityContextHolder
is request-scoped, which would explain that even though I call
reauthenticate with the right username/password combination, when I
call a @Secured-annotated service method after calling reauthenticate,
I get an "Access denied".

I think my Vaadin authentication problem is harder than I thought...

---
Sébastien Arbogast
http://about.me/sebastienarbogast/bio




2011/2/19 Sebastien ARBOGAST <[hidden email]>:

> My mistake. I was so looking for authenticate that I completely missed
> reauthenticate :oP
> Thanks a lot.
>
> ---
> Sébastien Arbogast
> http://about.me/sebastienarbogast/bio
>
>
>
>
> 2011/2/19 Burt Beckwith <[hidden email]>:
>> See SpringSecurityService.reauthenticate() and SpringSecurityUtils.reauthenticate(). It's intended to be used to rebuild the current authentication after making a change, but can be used to programmatically authenticate.
>>
>> Burt
>>
>>> I'm studying the integration of Grails, Vaadin and
>>> Spring-Security-Core for authentication and I figured that the
>>> simplest mechanism would be to inject a service into my Vaadin
>>> application (using getBean()) that simply does what authentication
>>> filters do but without going through them.
>>> I thought there would be such a method in SpringSecurityService but I
>>> could only find methods to know more about current authentication,
>>> nothing to authenticate a username/password.
>>> Is there such a service somewhere in the plugin or elsewhere that I could reuse?
>>> I tried to navigate the source code of Spring Security to see what the
>>> filters were doing but it seems very complex to me with a lot of
>>> options I don't need.
>>> What is the best way to do it?
>>>
>>> ---
>>> Sébastien Arbogast
>>> http://about.me/sebastienarbogast/bio
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>>    http://xircles.codehaus.org/manage_email
>>
>>
>>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authenticate to spring security core using a service?

burtbeckwith
That's sufficient since there's a filter that detects the active authentication and sets it in the session for future requests. You could set the password and pass it to the DaoAuthenticationProvider to check that the user is valid, enabled, etc. but if you know it's ok and want to force the authentication in, this is how you'd do it (in regular Spring Security anyway).

There might be a filter order problem, if Vaadin fires before Spring Security. If you want, send me a sample app off-list and I'll take a look.

Burt

> Am I mistaking again or reauthenticate does not check the password? It
> seems that it just sets the Authentication in SecurityContextHolder
>
> In addition to that, correct me if I'm wrong but SecurityContextHolder
> is request-scoped, which would explain that even though I call
> reauthenticate with the right username/password combination, when I
> call a @Secured-annotated service method after calling reauthenticate,
> I get an "Access denied".
>
> I think my Vaadin authentication problem is harder than I thought...
>
> ---
> Sébastien Arbogast
> http://about.me/sebastienarbogast/bio
>
>
>
>
> 2011/2/19 Sebastien ARBOGAST <[hidden email]>:
> > My mistake. I was so looking for authenticate that I completely missed
> > reauthenticate :oP
> > Thanks a lot.
> >
> > ---
> > Sébastien Arbogast
> > http://about.me/sebastienarbogast/bio
> >
> >
> >
> >
> > 2011/2/19 Burt Beckwith <[hidden email]>:
> >> See SpringSecurityService.reauthenticate() and SpringSecurityUtils.reauthenticate(). It's intended to be used to rebuild the current authentication after making a change, but can be used to programmatically authenticate.
> >>
> >> Burt
> >>
> >>> I'm studying the integration of Grails, Vaadin and
> >>> Spring-Security-Core for authentication and I figured that the
> >>> simplest mechanism would be to inject a service into my Vaadin
> >>> application (using getBean()) that simply does what authentication
> >>> filters do but without going through them.
> >>> I thought there would be such a method in SpringSecurityService but I
> >>> could only find methods to know more about current authentication,
> >>> nothing to authenticate a username/password.
> >>> Is there such a service somewhere in the plugin or elsewhere that I could reuse?
> >>> I tried to navigate the source code of Spring Security to see what the
> >>> filters were doing but it seems very complex to me with a lot of
> >>> options I don't need.
> >>> What is the best way to do it?
> >>>
> >>> ---
> >>> Sébastien Arbogast
> >>> http://about.me/sebastienarbogast/bio
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe from this list, please visit:
> >>
> >>    http://xircles.codehaus.org/manage_email
> >>
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>     http://xircles.codehaus.org/manage_email
>
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authenticate to spring security core using a service?

Sebastien ARBOGAST
OK. I managed to get the filter thing working, but I'm still
struggling with validating the credentials. What do you mean by "pass
it to the DaoAuthenticationProvider to check that the user is valid,
enabled, etc" ?

---
Sébastien Arbogast
http://about.me/sebastienarbogast/bio




2011/2/20 Burt Beckwith <[hidden email]>:

> That's sufficient since there's a filter that detects the active authentication and sets it in the session for future requests. You could set the password and pass it to the DaoAuthenticationProvider to check that the user is valid, enabled, etc. but if you know it's ok and want to force the authentication in, this is how you'd do it (in regular Spring Security anyway).
>
> There might be a filter order problem, if Vaadin fires before Spring Security. If you want, send me a sample app off-list and I'll take a look.
>
> Burt
>
>> Am I mistaking again or reauthenticate does not check the password? It
>> seems that it just sets the Authentication in SecurityContextHolder
>>
>> In addition to that, correct me if I'm wrong but SecurityContextHolder
>> is request-scoped, which would explain that even though I call
>> reauthenticate with the right username/password combination, when I
>> call a @Secured-annotated service method after calling reauthenticate,
>> I get an "Access denied".
>>
>> I think my Vaadin authentication problem is harder than I thought...
>>
>> ---
>> Sébastien Arbogast
>> http://about.me/sebastienarbogast/bio
>>
>>
>>
>>
>> 2011/2/19 Sebastien ARBOGAST <[hidden email]>:
>> > My mistake. I was so looking for authenticate that I completely missed
>> > reauthenticate :oP
>> > Thanks a lot.
>> >
>> > ---
>> > Sébastien Arbogast
>> > http://about.me/sebastienarbogast/bio
>> >
>> >
>> >
>> >
>> > 2011/2/19 Burt Beckwith <[hidden email]>:
>> >> See SpringSecurityService.reauthenticate() and SpringSecurityUtils.reauthenticate(). It's intended to be used to rebuild the current authentication after making a change, but can be used to programmatically authenticate.
>> >>
>> >> Burt
>> >>
>> >>> I'm studying the integration of Grails, Vaadin and
>> >>> Spring-Security-Core for authentication and I figured that the
>> >>> simplest mechanism would be to inject a service into my Vaadin
>> >>> application (using getBean()) that simply does what authentication
>> >>> filters do but without going through them.
>> >>> I thought there would be such a method in SpringSecurityService but I
>> >>> could only find methods to know more about current authentication,
>> >>> nothing to authenticate a username/password.
>> >>> Is there such a service somewhere in the plugin or elsewhere that I could reuse?
>> >>> I tried to navigate the source code of Spring Security to see what the
>> >>> filters were doing but it seems very complex to me with a lot of
>> >>> options I don't need.
>> >>> What is the best way to do it?
>> >>>
>> >>> ---
>> >>> Sébastien Arbogast
>> >>> http://about.me/sebastienarbogast/bio
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe from this list, please visit:
>> >>
>> >>    http://xircles.codehaus.org/manage_email
>> >>
>> >>
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>>     http://xircles.codehaus.org/manage_email
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Loading...