Spring 3 and X.509 Authentication

Jason Ferguson
Ranch Hand

Joined: Sep 16, 2007
Posts: 47
I'm trying to write a web application that takes advantage of X.509 authentication. I want to make sure I am straight on what needs to be done.

First, in my applicationContext.xml file, I need to add the following lines:



On the database, I need to have populated User and Authorities tables. The username in the User table needs to be the CN from the X.509 certificate.

Next, I need a model/value object which implements UserDetails.

Next I need to implement UserDetailsService.

Once all of this is done, the SecurityContext will contain an Authentication object.

I then go back to the applicationContext.xml and set up the authorities by adding this line (and others) to the section:



It just seems a bit too easy, and I'm still scarred from a failed attempt to do this from the ACEGI days.

Jason
Peter Mularien
Author
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hi Jason,

I actually devote a whole chapter in the book to X.509 (client certificate) authentication. I would say that the majority of the issues / confusion around X.509 authentication tend to be more around the lifecycle and correct management and installation of certificates, server trust stores, etc. and not so much the configuration of Spring Security 3 itself.

It looks from the below code as though you are on the right track, though!

Best
Peter


Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP
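
The first post's point that the username in the User table must be the CN from the certificate, as an added example that is not part of the thread or of Spring Security's own code. It compares a regex of the kind set through the `subject-principal-regex` attribute (the pattern, class name and subject DNs here are assumptions constructed for illustration) with structured DN parsing, using only the JDK.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnPrincipalDemo {
    // Assumed pattern of the kind configured via subject-principal-regex.
    static final Pattern CN_REGEX =
            Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    // Regex extraction: the first capture group is the name that would be
    // handed to UserDetailsService.loadUserByUsername().
    static String cnByRegex(String subjectDn) {
        Matcher m = CN_REGEX.matcher(subjectDn);
        return m.find() ? m.group(1) : null;
    }

    // Structured extraction: parse the DN (RFC 2253 syntax) and read the CN
    // attribute, so escaped characters inside the value are handled.
    static String cnByParsing(String subjectDn) {
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        } catch (InvalidNameException e) {
            // Malformed DN: treat as "no usable principal" and reject.
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed subject DNs, not taken from real certificates.
        String[] subjects = {
            "CN=jferguson, OU=Dev, O=Example, C=US",     // CN first
            "EMAILADDRESS=j@example.org, CN=jferguson",  // CN last, no trailing comma
            "CN=Ferguson\\, Jason, O=Example",           // escaped comma inside the CN
            "OU=Dev, O=Example"                          // no CN: must not authenticate
        };
        for (String dn : subjects) {
            System.out.printf("%-45s regex=%-12s parsed=%s%n",
                    dn, cnByRegex(dn), cnByParsing(dn));
        }
    }
}
```

Where the two methods disagree (the escaped-comma subject), the regex result is what the User table lookup would receive, so the stored usernames have to match the extractor's output exactly, and a null result should be treated as an authentication failure.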
 