  Two ways to provide custom login/authentication
 
Subject: Two ways to provide custom login/authentication
Author: WebSpider
In response to: Custom login -- Flow
Posted on: 07/10/2020 05:58:47 PM


   user --------------- /app/list_resource 
                          |
                          v
                   filter: DelegatingFilterProxy
                          |
                          v
                  <http form-login@login-page: /my_login  (1)
                          |
                          v
                  Controller.login(String error, String logout)
                          |
                          v
                  View: login.jsp         action="/where_?"
                       (user's input)  -------------------> match (2) in xml? --no-->  A: (custom process)
                                                                    |
                                                                   yes
                                                                    |
                                                                    v
                                                    B: processed by Spring: <authentication-manager>
                                                                    |


As shown in the above flow chart, there are two possible routes to process authentication:

Route A: If "/where_?" in login.jsp does NOT match "/where_to_process_login" in the XML configuration, the traffic is going to flow to the custom process controller:
@RequestMapping(value = "/where_to_process_login_custom", method = RequestMethod.POST)
public ModelAndView login_process(@RequestParam String username, @RequestParam String password, HttpSession session){
	/* your custom implementation here ... */
}



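Route B: If "/where_?" in login.jsp does match "/where_to_process_login" in the XML configuration, the traffic is going to flow to the Spring process, and you can still add your own custom implementation by providing your own authentication-provider:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class DBSecurityConfig extends WebSecurityConfigurerAdapter {

    // Loads the user record (name, password hash, authorities) for the provider below
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /* http.authorizeRequests.configuration ... */
    }

    // XML counterpart (if not defined here by WebSecurityConfigurerAdapter):
    //  <authentication-manager>
    //     <authentication-provider ref="customAuthenticationProvider" />
    //  </authentication-manager>
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(
            getAuthenticationProvider() // <-- your own provider here
        );
    }

    // Provider that checks the submitted password against the stored BCrypt hash
    @Bean
    public DaoAuthenticationProvider getAuthenticationProvider() {
        DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
        auth.setUserDetailsService(userDetailsService);
        auth.setPasswordEncoder(passwordEncoder());
        return auth;
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}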



 

> On 12/06/2017 03:17:43 AM WebSpider wrote:


Ultimate goal: GET /app/list_resource
   user -------------------- /app/list_resource -------------------------------------------------> protected resource


How to reach the goal: GET /app/list_resource
   user --------------- /app/list_resource 
                          |
                          v
                   filter: DelegatingFilterProxy
                          |
                          v
                  <http form-login@login-page: /my_login  (1)
                          |
                          v
                  Controller.login(String error, String logout)
                          |
                          v
                  View: login.jsp         action="/where_"
                       (user's input)  -------------------> match (2) in xml? --no-->  (custom process)
                                                                    |
                                                                   yes
                                                                    |
                                                                    v
                                                    processed by Spring: <authentication-manager>
                                                                    |
                                                                 succeed? --no--> /my_login?error (3)
                                                                    |
                                                                   yes
                                                                    |
                                                                    v
                                    always-use-default-target (5) ==true?  --no--> /app/list_resource -----> protected resource
                                                                    |
                                                                   yes
                                                                    |
                                                                    v
                                                                 /welcome (4)






