Spring Security Based Authentication for REST Service

I am implementing a REST service with Spring MVC and Spring Security (both 3.0.5). I use a security namespace that does not manually define Spring beans. I am having difficulty with the login process. What I'm trying to achieve is the following:

POST for URL /login will begin the authentication process.

There should not be any real form, so I do not use the form-login element .... Without this element, the UsernamePasswordAuthenticationFilter is missing from the security chain, so I thought I would add it through the custom-filter element ... and continue from there.

These are, in essence, my questions:

  • Is this a good way to implement authentication?
  • How exactly should I add this filter and to what position in the filter chain?
  • Is it enough to add this filter, or do I need something else?

Any feedback is appreciated. Thank you.

+4
1 answer

In general, if you want to configure your authentication, you should use a bean configuration. I found that the namespace-based configuration is only suitable for demo applications. Here are my answers to your questions:

1) As I said above, you should use beans. Check this article for more information: http://blog.springsource.com/2010/03/06/behind-the-spring-security-namespace/ But what you are going to do will also work with the requirements that you have mentioned so far.

2) It should be added as follows:

<http>
    <custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
</http>
<beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"/>

3) Note that this filter will also redirect by default to the original request. Therefore, if you do not need a redirect, and just HTTP 200 should be returned to the client, you must implement your own AuthenticationProcessingFilter.

Hope this helps.

+2
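
One way to get a plain status code instead of the redirect mentioned in point 3, as an added example that is not part of the answer. `RestLoginFilter` is a hypothetical class name that would replace the class of the `myFilter` bean; the example assumes the Spring Security 3.0.x API and that the bean definition also supplies the filter's `authenticationManager` property.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Hypothetical form-less login filter for a REST client (added example).
 * It keeps the parent's credential extraction and POST-only check and only
 * replaces the redirecting success/failure handlers with status codes.
 * The authenticationManager property must still be injected on the bean,
 * otherwise the parent class refuses to initialise.
 */
public class RestLoginFilter extends UsernamePasswordAuthenticationFilter {

    public RestLoginFilter() {
        // Process POST /login instead of the filter's default processing URL.
        setFilterProcessesUrl("/login");

        // Success: no redirect to a saved request, just 200 with an empty body.
        setAuthenticationSuccessHandler(new AuthenticationSuccessHandler() {
            public void onAuthenticationSuccess(HttpServletRequest request,
                    HttpServletResponse response, Authentication authentication)
                    throws IOException, ServletException {
                response.setStatus(HttpServletResponse.SC_OK);
            }
        });

        // Failure: 401 with a fixed message, so the response does not reveal
        // whether the username or the password was wrong.
        setAuthenticationFailureHandler(new AuthenticationFailureHandler() {
            public void onAuthenticationFailure(HttpServletRequest request,
                    HttpServletResponse response, AuthenticationException exception)
                    throws IOException, ServletException {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                        "Authentication failed");
            }
        });
    }
}
```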