Tuesday, November 24, 2009

Spring Security Pre-Authentication Integration

Code: SpringBeans.xml

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 <!-- Spring Security namespace configuration: form login plus a custom
      pre-authentication filter that runs ahead of the login form. -->

 <!-- Enables @Secured annotations on bean methods. -->
 <global-method-security secured-annotations="enabled">
 </global-method-security>
 <!-- auto-config is off, so form login and logout are declared explicitly below. -->
 <http auto-config="false">
  <!-- The login page is reachable anonymously; every other URL requires ROLE_USER. -->
  <intercept-url pattern="/login.do*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <intercept-url pattern="/**" access="ROLE_USER" />
  <form-login login-page='/login.do' default-target-url='/account/search.do' />
  <!-- SECURITY: autoLoginFilter (AutoLoginFilter, listed on this page) takes the
       principal from the "user" request parameter, which the client controls.
       With this filter in the chain a request carrying that parameter is treated
       as already authenticated, so the ROLE_USER rule above only protects
       requests that omit it. Pre-authentication should be fed by a source the
       client cannot set, for example an identity established by the container
       or by a trusted gateway. -->
  <custom-filter ref="autoLoginFilter" position="PRE_AUTH_FILTER" />
  <logout logout-url="/logout.do" logout-success-url="/login.do"/>
 </http>

 <!-- The pre-authentication filter; it hands its token to the authentication manager. -->
 <beans:bean id="autoLoginFilter" class="com.pg.backoffice.reports.auth.AutoLoginFilter">
  <beans:property name="authenticationManager" ref="authenticationManager" />
 </beans:bean>
 <!-- Provider for pre-authenticated tokens; user details come from
      RsaAuthenticationUserDetailsService, which (as listed on this page) grants
      ROLE_USER to any non-null principal without looking the user up. -->
 <beans:bean id="preauthAuthProvider"
  class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
  <beans:property name="preAuthenticatedUserDetailsService">
   <beans:bean class="com.pg.backoffice.reports.auth.RsaAuthenticationUserDetailsService"></beans:bean>  
  </beans:property>
  <beans:property name="order" value="1"/>
 </beans:bean>

 <!-- Two providers: the pre-auth provider above, then an in-memory user service
      used by the login form. -->
 <authentication-manager alias="authenticationManager" >
  <authentication-provider ref="preauthAuthProvider" ></authentication-provider>
  <authentication-provider >
   <!-- SECURITY: sample accounts with plaintext passwords equal to the user name,
        one of them holding ROLE_SUPERVISOR. Suitable for a local demo only; a
        deployed application needs a real user store with hashed passwords
        (a password-encoder on this provider) and no default credentials. -->
   <user-service id="rsaUser">
    <user name="admin" password="admin" authorities="ROLE_SUPERVISOR,ROLE_USER, ROLE_TELLER" />
    <user name="root" password="root" authorities="ROLE_USER,ROLE_TELLER" />
   </user-service>
  </authentication-provider>
 </authentication-manager>

</beans:beans>
Code: AutoLoginFilter
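/**
 * Pre-authentication filter that derives the principal from the {@code user}
 * request parameter.
 *
 * <p><b>Security note:</b> a request parameter is supplied by the client, so this
 * filter does not prove who the caller is; it accepts whatever name the request
 * carries. Pre-authentication is intended for an identity that was already
 * established by something the client cannot influence (the servlet container,
 * an SSO gateway that strips and re-adds its own header, a client certificate).
 * Treat this class as a wiring demonstration and replace the parameter lookup
 * with such a trusted source before using it outside a test environment.
 */
public class AutoLoginFilter extends AbstractPreAuthenticatedProcessingFilter {

    /** Name of the request parameter the principal is read from. */
    private static final String USER_PARAMETER = "user";

    /**
     * Returns a fixed placeholder credential when the {@code user} parameter is
     * present, otherwise {@code null}.
     *
     * @param request the current HTTP request
     * @return the string {@code "ROLE_SUPERVISOR"} or {@code null}
     */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        // NOTE(review): the value looks like a role name but is returned as the
        // credential; the user-details service on this page grants ROLE_USER
        // regardless, so it appears to serve only as a non-null placeholder.
        return readUserParameter(request) != null ? "ROLE_SUPERVISOR" : null;
    }

    /**
     * Returns the value of the {@code user} parameter as the principal, or
     * {@code null} when it is absent or empty.
     *
     * @param request the current HTTP request
     * @return the client-supplied user name, or {@code null}
     */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // Fixed: the trace line previously named getPreAuthenticatedCredentials,
        // which pointed readers of the output at the wrong method.
        System.out.println("getPreAuthenticatedPrincipal: " + request.getRequestURI());
        return readUserParameter(request);
    }

    /** Reads the {@code user} parameter; empty and missing values both yield {@code null}. */
    private static String readUserParameter(HttpServletRequest request) {
        String user = request.getParameter(USER_PARAMETER);
        return StringUtils.hasLength(user) ? user : null;
    }
}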

Code: RsaAuthenticationUserDetailsService
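/**
 * Builds the {@link UserDetails} for a pre-authenticated token.
 *
 * <p><b>Security note:</b> no user store is consulted. Every non-null principal
 * is accepted and given {@code ROLE_USER}, so the access decision rests entirely
 * on how trustworthy the filter that produced the principal is. A real
 * implementation should look the principal up and load its actual authorities
 * and account status.
 */
public class RsaAuthenticationUserDetailsService implements AuthenticationUserDetailsService{

    /**
     * Creates a {@code User} named after the token's principal with the single
     * authority {@code ROLE_USER}.
     *
     * @param user the pre-authenticated token
     * @return user details for the principal
     * @throws UsernameNotFoundException if the token carries no principal
     */
    public UserDetails loadUserDetails(Authentication user) throws UsernameNotFoundException {
        Object principal = user.getPrincipal();
        if (principal == null) {
            // Fixed: the original returned null here; signalling the declared
            // exception keeps a null UserDetails from reaching the provider.
            throw new UsernameNotFoundException("Pre-authenticated token carries no principal");
        }

        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new GrantedAuthorityImpl("ROLE_USER"));

        // "none" is a password placeholder; the four flags mark the account as
        // enabled, not expired, credentials not expired and not locked.
        return new User((String) principal, "none", true, true, true, true, authorities);
    }
}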