Databases
StackOverflow2013
Postsdbo
POIntegrate Single Sign On using Spring Security
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POIntegrate Single Sign On using Spring Security
    text
    copied!<p>I'm using Spring Security and I would like to use another site as one of my authentication providers. I have a basic form based login on my site. I want to have a link on my site that takes the user to an external site where they will login and that external site will then post a xml response back to me with data that I can verify to see if there was a successful login. Any help would be greatly appreciated!</p> <ol> <li>How do you integrate that flow into Spring Security?</li> <li>Once I get the response back, how would I auto log user on?</li> </ol> <p>example using the guidance below:</p> <p>filter (not shown my data is coming from xml off the request):</p> <pre><code>public class XMLAuthenticationFilter extends AbstractAuthenticationProcessingFilter{ public XMLAuthenticationFilter() { super("/xml_security_check"); } @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER")}; UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("userid", "pwd", grantedAuthorities); request.getSession(); token.setDetails(new WebAuthenticationDetails(request)); Authentication authenticatedUser = super.getAuthenticationManager().authenticate(token); SecurityContextHolder.getContext().setAuthentication(authenticatedUser); request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext()); return authenticatedUser; } </code></pre> <p>}</p> <p>Auth Provider:</p> <pre><code>public class XMLAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{ private UserManager userManager; @Override protected void additionalAuthenticationChecks(UserDetails user, UsernamePasswordAuthenticationToken token) throws AuthenticationException { } @Override protected UserDetails retrieveUser(String userName, UsernamePasswordAuthenticationToken token) throws AuthenticationException { UserDetails user = userManager.getUser(userName); if(user == null){ Users newDCUser = new Users(); newDCUser.setUserId(userName); newDCUser.setRawPassword((String) token.getCredentials()); newDCUser.setFailedLoginAttempts(0); newDCUser.setBeginEffectiveDate(new Date()); newDCUser.setEndEffectiveDate(getEffectiveDate()); userManager.saveUser(newDCUser); } return userManager.loadUserByUsername(userName); } private Date getEffectiveDate(){ Calendar calendar = Calendar.getInstance(); calendar.add(Calendar.YEAR, 10); return calendar.getTime(); } public UserManager getUserManager() { return userManager; } public void setUserManager(UserManager userManager) { this.userManager = userManager; } } </code></pre> <p>bean config:</p> <pre><code>&lt;bean id="xmlAuthenticationFilter" class="com.dc.api.service.impl.XMLAuthenticationFilter"&gt; &lt;property name="authenticationManager" ref="am" /&gt; &lt;/bean&gt; &lt;bean id="xmlAuthenticationProvider" class="com.dc.api.service.impl.XMLAuthenticationProvider"&gt; &lt;property name="userManager" ref="userManager"/&gt; &lt;/bean&gt; </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload