Quantcast
Grails Grails - user

Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

classic Classic list List threaded Threaded
8 messages Options
netbrain
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

netbrain
How can i check if there is a user with a given username and password, and has valid authentication properties like enabled, not expired. e.g can login and be authenticated. Without actually authenticating the user? I just want to do the check..

I know i can do it myself by User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)), and in addition check for enabled flags and such... but i thought maybe this functionality i'm looking for already exists in the spring security core package..


Any clues?

Thanks again

-Kim
burtbeckwith
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

burtbeckwith
Get access to the 'authenticationManager' bean (e.g. with 'def authenticationManager' in your service or other artifact that supports dependency injection)

and use this code:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.AuthenticationException

boolean valid = true
try {
   authenticationManager.authenticate new UsernamePasswordAuthenticationToken(username, password)
}
catch (AuthenticationException e) {
   valid = false
}

Burt

On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:

> How can i check if there is a user with a given username and password, and
> has valid authentication properties like enabled, not expired. e.g can
> login and be authenticated. Without actually authenticating the user? I
> just want to do the check..
>
> I know i can do it myself by
> User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
> and in addition check for enabled flags and such... but i thought maybe
> this functionality i'm looking for already exists in the spring security
> core package..
>
>
> Any clues?
>
> Thanks again
>
> -Kim

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
netbrain
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

netbrain
def authenticationManager doesn't get autowired..

Do i need to manually wire this bean to resources.groovy? e.g authenticationManager(ProviderManager)?

On Fri, Jan 20, 2012 at 7:33 PM, Burt Beckwith <[hidden email]> wrote:
Get access to the 'authenticationManager' bean (e.g. with 'def authenticationManager' in your service or other artifact that supports dependency injection)

and use this code:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.AuthenticationException

boolean valid = true
try {
  authenticationManager.authenticate new UsernamePasswordAuthenticationToken(username, password)
}
catch (AuthenticationException e) {
  valid = false
}

Burt

On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:
> How can i check if there is a user with a given username and password, and
> has valid authentication properties like enabled, not expired. e.g can
> login and be authenticated. Without actually authenticating the user? I
> just want to do the check..
>
> I know i can do it myself by
> User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
> and in addition check for enabled flags and such... but i thought maybe
> this functionality i'm looking for already exists in the spring security
> core package..
>
>
> Any clues?
>
> Thanks again
>
> -Kim

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
netbrain
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

netbrain
Oh btw, im trying to inject authenticationManager into a controller.

-Kim

On Fri, Jan 20, 2012 at 8:42 PM, Kim Eik <[hidden email]> wrote:
def authenticationManager doesn't get autowired..

Do i need to manually wire this bean to resources.groovy? e.g authenticationManager(ProviderManager)?


On Fri, Jan 20, 2012 at 7:33 PM, Burt Beckwith <[hidden email]> wrote:
Get access to the 'authenticationManager' bean (e.g. with 'def authenticationManager' in your service or other artifact that supports dependency injection)

and use this code:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.AuthenticationException

boolean valid = true
try {
  authenticationManager.authenticate new UsernamePasswordAuthenticationToken(username, password)
}
catch (AuthenticationException e) {
  valid = false
}

Burt

On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:
> How can i check if there is a user with a given username and password, and
> has valid authentication properties like enabled, not expired. e.g can
> login and be authenticated. Without actually authenticating the user? I
> just want to do the check..
>
> I know i can do it myself by
> User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
> and in addition check for enabled flags and such... but i thought maybe
> this functionality i'm looking for already exists in the spring security
> core package..
>
>
> Any clues?
>
> Thanks again
>
> -Kim

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
netbrain
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

netbrain
Oh, nevermind, coding mistake on my part. 
This works great. thanks a bunch!

-Kim

On Fri, Jan 20, 2012 at 8:46 PM, Kim Eik <[hidden email]> wrote:
Oh btw, im trying to inject authenticationManager into a controller.

-Kim


On Fri, Jan 20, 2012 at 8:42 PM, Kim Eik <[hidden email]> wrote:
def authenticationManager doesn't get autowired..

Do i need to manually wire this bean to resources.groovy? e.g authenticationManager(ProviderManager)?


On Fri, Jan 20, 2012 at 7:33 PM, Burt Beckwith <[hidden email]> wrote:
Get access to the 'authenticationManager' bean (e.g. with 'def authenticationManager' in your service or other artifact that supports dependency injection)

and use this code:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.AuthenticationException

boolean valid = true
try {
  authenticationManager.authenticate new UsernamePasswordAuthenticationToken(username, password)
}
catch (AuthenticationException e) {
  valid = false
}

Burt

On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:
> How can i check if there is a user with a given username and password, and
> has valid authentication properties like enabled, not expired. e.g can
> login and be authenticated. Without actually authenticating the user? I
> just want to do the check..
>
> I know i can do it myself by
> User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
> and in addition check for enabled flags and such... but i thought maybe
> this functionality i'm looking for already exists in the spring security
> core package..
>
>
> Any clues?
>
> Thanks again
>
> -Kim

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
netbrain
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

netbrain
Burt, is there any way to check if a user is valid for authentication if you don't have the user's password? e.g would this work? authenticationManager.authenticate new UsernamePasswordAuthenticationToken(username, null)

On Fri, Jan 20, 2012 at 8:53 PM, Kim Eik <[hidden email]> wrote:
Oh, nevermind, coding mistake on my part. 
This works great. thanks a bunch!

-Kim


On Fri, Jan 20, 2012 at 8:46 PM, Kim Eik <[hidden email]> wrote:
Oh btw, im trying to inject authenticationManager into a controller.

-Kim


On Fri, Jan 20, 2012 at 8:42 PM, Kim Eik <[hidden email]> wrote:
def authenticationManager doesn't get autowired..

Do i need to manually wire this bean to resources.groovy? e.g authenticationManager(ProviderManager)?


On Fri, Jan 20, 2012 at 7:33 PM, Burt Beckwith <[hidden email]> wrote:
Get access to the 'authenticationManager' bean (e.g. with 'def authenticationManager' in your service or other artifact that supports dependency injection)

and use this code:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.AuthenticationException

boolean valid = true
try {
  authenticationManager.authenticate new UsernamePasswordAuthenticationToken(username, password)
}
catch (AuthenticationException e) {
  valid = false
}

Burt

On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:
> How can i check if there is a user with a given username and password, and
> has valid authentication properties like enabled, not expired. e.g can
> login and be authenticated. Without actually authenticating the user? I
> just want to do the check..
>
> I know i can do it myself by
> User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
> and in addition check for enabled flags and such... but i thought maybe
> this functionality i'm looking for already exists in the spring security
> core package..
>
>
> Any clues?
>
> Thanks again
>
> -Kim

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
olivertynes
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

olivertynes
I might not quite be getting what you're asking for, but how does this
differ from if(User.findByUsername(username)) { //some logic }  ?

That is, since without a password you can't really check anything else
than there being a user with that username in the db..

-Oliver

On Tue, Feb 7, 2012 at 8:27 PM, Kim Eik <[hidden email]> wrote:

> Burt, is there any way to check if a user is valid for authentication if you
> don't have the user's password? e.g would this
> work? authenticationManager.authenticate new
> UsernamePasswordAuthenticationToken(username, null)
>
>
> On Fri, Jan 20, 2012 at 8:53 PM, Kim Eik <[hidden email]> wrote:
>>
>> Oh, nevermind, coding mistake on my part.
>> This works great. thanks a bunch!
>>
>> -Kim
>>
>>
>> On Fri, Jan 20, 2012 at 8:46 PM, Kim Eik <[hidden email]> wrote:
>>>
>>> Oh btw, im trying to inject authenticationManager into a controller.
>>>
>>> -Kim
>>>
>>>
>>> On Fri, Jan 20, 2012 at 8:42 PM, Kim Eik <[hidden email]> wrote:
>>>>
>>>> def authenticationManager doesn't get autowired..
>>>>
>>>> Do i need to manually wire this bean to resources.groovy? e.g
>>>> authenticationManager(ProviderManager)?
>>>>
>>>>
>>>> On Fri, Jan 20, 2012 at 7:33 PM, Burt Beckwith <[hidden email]>
>>>> wrote:
>>>>>
>>>>> Get access to the 'authenticationManager' bean (e.g. with 'def
>>>>> authenticationManager' in your service or other artifact that supports
>>>>> dependency injection)
>>>>>
>>>>> and use this code:
>>>>>
>>>>> import
>>>>> org.springframework.security.authentication.UsernamePasswordAuthenticationToken
>>>>> import org.springframework.security.core.AuthenticationException
>>>>>
>>>>> boolean valid = true
>>>>> try {
>>>>>   authenticationManager.authenticate new
>>>>> UsernamePasswordAuthenticationToken(username, password)
>>>>> }
>>>>> catch (AuthenticationException e) {
>>>>>   valid = false
>>>>> }
>>>>>
>>>>> Burt
>>>>>
>>>>> On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:
>>>>> > How can i check if there is a user with a given username and
>>>>> > password, and
>>>>> > has valid authentication properties like enabled, not expired. e.g
>>>>> > can
>>>>> > login and be authenticated. Without actually authenticating the user?
>>>>> > I
>>>>> > just want to do the check..
>>>>> >
>>>>> > I know i can do it myself by
>>>>> >
>>>>> > User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
>>>>> > and in addition check for enabled flags and such... but i thought
>>>>> > maybe
>>>>> > this functionality i'm looking for already exists in the spring
>>>>> > security
>>>>> > core package..
>>>>> >
>>>>> >
>>>>> > Any clues?
>>>>> >
>>>>> > Thanks again
>>>>> >
>>>>> > -Kim
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe from this list, please visit:
>>>>>
>>>>>    http://xircles.codehaus.org/manage_email
>>>>>
>>>>>
>>>>
>>>
>>
>



--
*****
Oliver Tynes
Developer
Uni CIPR -- www.cipr.uni.no
55588266
*****

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
netbrain
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Spring Security Core, how to check if there is a user with a specific username and password and has proper authentication properties.

netbrain
Im trying to see if the user is valid in respect to spring security core's user properties like 'enabled','accountExpired','accountLocked','passwordExpired' etc.

On Tue, Feb 7, 2012 at 8:38 PM, Oliver Severin Tynes <[hidden email]> wrote:
I might not quite be getting what you're asking for, but how does this
differ from if(User.findByUsername(username)) { //some logic }  ?

That is, since without a password you can't really check anything else
than there being a user with that username in the db..

-Oliver

On Tue, Feb 7, 2012 at 8:27 PM, Kim Eik <[hidden email]> wrote:
> Burt, is there any way to check if a user is valid for authentication if you
> don't have the user's password? e.g would this
> work? authenticationManager.authenticate new
> UsernamePasswordAuthenticationToken(username, null)
>
>
> On Fri, Jan 20, 2012 at 8:53 PM, Kim Eik <[hidden email]> wrote:
>>
>> Oh, nevermind, coding mistake on my part.
>> This works great. thanks a bunch!
>>
>> -Kim
>>
>>
>> On Fri, Jan 20, 2012 at 8:46 PM, Kim Eik <[hidden email]> wrote:
>>>
>>> Oh btw, im trying to inject authenticationManager into a controller.
>>>
>>> -Kim
>>>
>>>
>>> On Fri, Jan 20, 2012 at 8:42 PM, Kim Eik <[hidden email]> wrote:
>>>>
>>>> def authenticationManager doesn't get autowired..
>>>>
>>>> Do i need to manually wire this bean to resources.groovy? e.g
>>>> authenticationManager(ProviderManager)?
>>>>
>>>>
>>>> On Fri, Jan 20, 2012 at 7:33 PM, Burt Beckwith <[hidden email]>
>>>> wrote:
>>>>>
>>>>> Get access to the 'authenticationManager' bean (e.g. with 'def
>>>>> authenticationManager' in your service or other artifact that supports
>>>>> dependency injection)
>>>>>
>>>>> and use this code:
>>>>>
>>>>> import
>>>>> org.springframework.security.authentication.UsernamePasswordAuthenticationToken
>>>>> import org.springframework.security.core.AuthenticationException
>>>>>
>>>>> boolean valid = true
>>>>> try {
>>>>>   authenticationManager.authenticate new
>>>>> UsernamePasswordAuthenticationToken(username, password)
>>>>> }
>>>>> catch (AuthenticationException e) {
>>>>>   valid = false
>>>>> }
>>>>>
>>>>> Burt
>>>>>
>>>>> On Friday, January 20, 2012 07:19:03 PM Kim Eik wrote:
>>>>> > How can i check if there is a user with a given username and
>>>>> > password, and
>>>>> > has valid authentication properties like enabled, not expired. e.g
>>>>> > can
>>>>> > login and be authenticated. Without actually authenticating the user?
>>>>> > I
>>>>> > just want to do the check..
>>>>> >
>>>>> > I know i can do it myself by
>>>>> >
>>>>> > User.findByUsernameAndPassword(username,springSecurityService.encodePassword(password)),
>>>>> > and in addition check for enabled flags and such... but i thought
>>>>> > maybe
>>>>> > this functionality i'm looking for already exists in the spring
>>>>> > security
>>>>> > core package..
>>>>> >
>>>>> >
>>>>> > Any clues?
>>>>> >
>>>>> > Thanks again
>>>>> >
>>>>> > -Kim
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe from this list, please visit:
>>>>>
>>>>>    http://xircles.codehaus.org/manage_email
>>>>>
>>>>>
>>>>
>>>
>>
>



--
*****
Oliver Tynes
Developer
Uni CIPR -- www.cipr.uni.no
<a href="tel:55588266" value="+4755588266">55588266
*****

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
Loading...
Powered by Nabble Edit this page