java - Using Cookie for Authentication with Restful service in Spring -


i've used spring security secure restful web services built spring, in past request has used authentication headers authentication. need secure application when user's credentials in cookie.

i'm trying figure out best way either extract user's information cookie , put authentication header, or ideally use value of cookie loaduserbyusername method in userdetailsservice bean.

so far i've come few ideas how this:

  1. i add handlerinterceptor use cookie add authentication headers requests. however, not requests require authentication, if did want apply methods or request mappings , not others, , don't know how that.

  2. i implement authenticationentrypoint show in this tutorial. in tutorial though don't understand why has response.senderror( httpservletresponse.sc_unauthorized, "unauthorized" ); body of commence method. in use case, adding authentication header using cookie there?

  3. i perform security checks using custom method in first line of controller methods. seems when follow spring security's ideal path, it's pretty solution. need seems straying that, though, , requirements quite simple. maybe i'd better off doing easy old-fashioned way?

  4. some better idea don't know / haven't thought of!

i appreciate , thoughts!

if got requirements correctly, might easiest use spring security's pre-authentication framework classes implement desired auth mechanism.

in general, these classes designed support scenarios, authentication mechanism provided external system ensures http requests contain kind of authentication information can used webapp. in case auth info seems in cookie can used identify user.

assuming have userdetailsservice implementation users name, implement requirements:

1) create subclass of abstractpreauthenticatedprocessingfilter implementing abstract method getpreauthenticatedprincipal(httpservletrequest) extract principal (user name) cookie. there abstract method (getpreauthenticatedcredentials()) may return null, if there no credentials in request. logic implemented in abstract superclass creates auth token containing extracted principal, , submits auth manager.

2) create bean of type preauthenticatedauthenticationprovider receive auth token auth manager, in order populate (load user's roles). class needs injected variant of userdetailsservice takes whole auth token instead of user name. can use userdetailsbynameservicewrapper adapt original userdetailsservice interface:

<bean id="preauthauthprovider" class="org.springframework.security.web.authentication.preauth.preauthenticatedauthenticationprovider">     <property name="preauthenticateduserdetailsservice">         <bean id="userdetailsservicewrapper" class="org.springframework.security.core.userdetails.userdetailsbynameservicewrapper">             <property name="userdetailsservice" ref="youruserdetailsservice"/>         </bean>     </property> </bean>

3) wire things using configuration similar what's shown in the documentation:

<security:http>     ...     <security:custom-filter position="pre_auth_filter" ref="preauthfilter" /> </security:http>  <bean id="preauthfilter" class="com.whatever.yourpreauthfilter"/>  <security:authentication-manager>     <security:authentication-provider ref="preauthauthprovider" /> </security:authentication-manager>

so, needed implement requirements subclass 1 single method, , additional configuration wire existing supporting classes.


Comments

Post a Comment

Popular posts from this blog

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more

Trying to import CSV file to a SQL Server database using asp.net and c# - can't find what I'm missing -

i student , quite new programming, , given task using asp.net , c#, without being taught either. plan learn teach ourselves. the task stuck on making website import csv file sql server database of last year's room bookings around campus. the table has following columns: request_id; priority; module_id; day; start_time; length; park; students; room_code; status; semester_id; linked_request; week_1; week_2; week_3; week_4; week_5; week_6; week_7; week_8; week_9; week_10; week_11; week_12; week_13; week_14; week_15; ) in code, try make work 3 columns (request_id,priority,module) starters. when press import button, want read .csv file (with fixed name @ fixed directory) eg "1,2,3" - comma separating fields [delimiter] - , import sql server datab
Read more