my dog learned polymorphism*
The moose likes Spring and the fly likes Spring Security - Choosing Authentication Provider at runtime Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring Security - Choosing Authentication Provider at runtime" Watch "Spring Security - Choosing Authentication Provider at runtime" New topic
Author

Spring Security - Choosing Authentication Provider at runtime

Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274
    
    5

Hi all,

I've had no luck over on the Spring forums.

I'm using Spring Security 2.0.5.RELEASE and was wonder if it was possible to have two authentication providers set-up and then have a runtime flag determining which one to use.

e.g. Swapping between LDAP authentication and basic DB authentication.

So for example I'd like to have the following configured:



And have the DB authentication provider as a default, but be able to swap to the LDAP provider at runtime.

Has anyone tried this before?


Cheers, Martijn - Blog,
Twitter, PCGen, Ikasan, My The Well-Grounded Java Developer book!,
My start-up.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 9953
    
161

I don't have much idea about Spring, but:

I'm using Spring Security 2.0.5.RELEASE and was wonder if it was possible to have two authentication providers set-up and then have a runtime flag determining which one to use.


Maybe you could have your custom authentication provider, backed by a LDAP authentication provider and a DB authentication provide, which uses a flag to dynamically switch between the two.

By the way, I would have thought that authentication providers do not change at runtime. i.e. I haven't seen applications where at runtime it would switch to a different authentication backend. They are usually configured during deployment time.


[My Blog] [JavaRanch Journal]
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274
    
    5

Hi Jaikiran,

The Use Case is for a Web Console Administrator to choose between two authentication providers. So for example I'd like to be able to:

1.) Start with the DB authentication provider (supported by web pages that will allow them to change passwords etc)
2.) Swap to an Active Directory provider (which means that the change password etc functionality would be greyed out)

Your flag idea might just work, I probably can't get it to work purely dynamically (what would happen to users already logged in for example?), but it wouldn't be unreasonable to restart the web app after the config change.

I'll go and have a play
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Actually, it should be much more simpler.

Just add each provider to the list in the ProviderManager. You should have an equivalent in the security namespace. I just copied this from the Spring Security documentation.



Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274
    
    5

That definitely looks interesting, time for another serious perusal of those docs (you can never re-read security docs enough!)
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Martijn Verburg wrote:That definitely looks interesting, time for another serious perusal of those docs (you can never re-read security docs enough!)


Exactly. I must have read the whole thing at least 4-5 times already, and each time pick up something else.

Mark
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Spring Security - Choosing Authentication Provider at runtime
 
Similar Threads
Integrating Spring & JDBC into JSF2 login page
Spring LDAP/Active Directory Security: Authenticate User w/out Using an Admin/Mgr Account
Using other Authentication Providers
How to authenticate a user using open Id after logging in the system
How do I specify Open ID Realm in spring security ?