• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring Security - Choosing Authentication Provider at runtime

 
Martijn Verburg
author
Bartender
Posts: 3275
5
Eclipse IDE Java Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I've had no luck over on the Spring forums.

I'm using Spring Security 2.0.5.RELEASE and was wonder if it was possible to have two authentication providers set-up and then have a runtime flag determining which one to use.

e.g. Swapping between LDAP authentication and basic DB authentication.

So for example I'd like to have the following configured:



And have the DB authentication provider as a default, but be able to swap to the LDAP provider at runtime.

Has anyone tried this before?
 
Jaikiran Pai
Marshal
Pie
Posts: 10444
227
IntelliJ IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't have much idea about Spring, but:

I'm using Spring Security 2.0.5.RELEASE and was wonder if it was possible to have two authentication providers set-up and then have a runtime flag determining which one to use.


Maybe you could have your custom authentication provider, backed by a LDAP authentication provider and a DB authentication provide, which uses a flag to dynamically switch between the two.

By the way, I would have thought that authentication providers do not change at runtime. i.e. I haven't seen applications where at runtime it would switch to a different authentication backend. They are usually configured during deployment time.

 
Martijn Verburg
author
Bartender
Posts: 3275
5
Eclipse IDE Java Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jaikiran,

The Use Case is for a Web Console Administrator to choose between two authentication providers. So for example I'd like to be able to:

1.) Start with the DB authentication provider (supported by web pages that will allow them to change passwords etc)
2.) Swap to an Active Directory provider (which means that the change password etc functionality would be greyed out)

Your flag idea might just work, I probably can't get it to work purely dynamically (what would happen to users already logged in for example?), but it wouldn't be unreasonable to restart the web app after the config change.

I'll go and have a play
 
Mark Spritzler
ranger
Sheriff
Posts: 17276
6
IntelliJ IDE Mac Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, it should be much more simpler.

Just add each provider to the list in the ProviderManager. You should have an equivalent in the security namespace. I just copied this from the Spring Security documentation.



Mark
 
Martijn Verburg
author
Bartender
Posts: 3275
5
Eclipse IDE Java Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That definitely looks interesting, time for another serious perusal of those docs (you can never re-read security docs enough!)
 
Mark Spritzler
ranger
Sheriff
Posts: 17276
6
IntelliJ IDE Mac Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Martijn Verburg wrote:That definitely looks interesting, time for another serious perusal of those docs (you can never re-read security docs enough!)


Exactly. I must have read the whole thing at least 4-5 times already, and each time pick up something else.

Mark
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic