1) Configure password encoder bean
<!-- Password encoder referenced by the password-encoder element of the authentication manager.
     NOTE(review): MD5 is a fast general-purpose digest and is not suitable for storing
     passwords; this legacy encoder class was removed in Spring Security 5. Prefer an adaptive
     hash such as org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder, which
     generates its own random salt, so no salt-source is configured alongside it.
     NOTE(review): this snippet uses an unprefixed bean element while the others use the
     beans: prefix; use whichever matches the default namespace of the configuration file. -->
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
2) configure salt source bean (optional)
<!-- Salts each password hash with the value of the user's "username" property.
     NOTE(review): a username is predictable and public, so it only prevents two accounts with
     the same password from sharing a hash; it is not a random per-user salt. Encoders that
     embed a random salt in the stored hash (bcrypt, for example) make this bean unnecessary. -->
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource"
p:userPropertyToUse="username"/>
3) Configure rememberme bean
<!-- Provider that accepts remember-me authentication tokens. The constructor argument is the
     remember-me key and has to be the same value that is given to the rememberMeServices bean.
     NOTE(review): the key is a secret. Do not reuse the sample value printed on this page;
     generate your own and load it from externalised configuration (a property placeholder,
     for example) rather than committing it in the XML. -->
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:constructor-arg value="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
</beans:bean>
4) Configure authentication providers(list)
<!-- Authentication manager with three providers, consulted in the order listed:
     1. rememberMeAuthenticationProvider for remember-me tokens,
     2. a provider built from userDao with the configured password encoder and salt source,
     3. customAuthenticationProvider.
     NOTE(review): providers 2 and 3 both check a username and password against userDao, so a
     login rejected by one is retried by the other; confirm both are really needed. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="rememberMeAuthenticationProvider">
</authentication-provider>
<authentication-provider user-service-ref="userDao">
<password-encoder ref="passwordEncoder" >
<salt-source ref="saltSource" />
</password-encoder>
</authentication-provider>
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
5) Create a class that implements the UserDao interface and the loadUserByUsername method
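/**
 * Hibernate-backed DAO that also acts as the Spring Security {@code UserDetailsService}
 * registered under the bean name {@code userDao}.
 */
@Repository("userDao")
public class UserDaoHibernate extends GenericDaoHibernate<User, Long>
        implements UserDao, org.springframework.security.core.userdetails.UserDetailsService {

    /**
     * Loads the account that belongs to {@code username}.
     *
     * <p>The {@code UserDetailsService} contract is to throw {@link UsernameNotFoundException}
     * when no account matches, not to return {@code null}.
     *
     * @param username the login name presented by the caller
     * @return the matching account
     * @throws UsernameNotFoundException if no account matches {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // The page leaves the Hibernate lookup out. Until it is filled in, fail closed so that
        // an unfinished DAO can never report an account as found.
        throw new UsernameNotFoundException("User lookup is not implemented");
    }
}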
6) Create custom authentication provider
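/**
 * Username/password {@link AuthenticationProvider} that loads the account from {@code userDao}
 * and checks the presented password with {@code passwordEncoder}.
 *
 * <p>NOTE(review): the page does not show where {@code userDao}, {@code passwordEncoder},
 * {@code encryptedPassword} and {@code saltField} are declared. Presumably the first two are
 * injected beans and the last two are the stored hash and salt of the loaded user; confirm
 * before using this class.
 */
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    /**
     * Single failure message for every rejection, so the response does not reveal whether the
     * username exists.
     */
    private static final String BAD_CREDENTIALS = "Bad credentials";

    /**
     * Authenticates a username/password request.
     *
     * @param authentication the request; its name is the username and its credentials the
     *     raw password
     * @return an authenticated token carrying the loaded user and its authorities
     * @throws AuthenticationException (a {@code BadCredentialsException}) if the user is
     *     unknown, the credentials are not a string, or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        String username = authentication.getName();

        // Reject missing or non-string credentials explicitly instead of failing on the cast.
        Object credentials = authentication.getCredentials();
        if (!(credentials instanceof String)) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }
        String rawPassword = (String) credentials;

        User user;
        try {
            user = (User) userDao.loadUserByUsername(username);
        } catch (UsernameNotFoundException e) {
            // A UserDetailsService signals an unknown user by throwing; map it to the same
            // failure as a wrong password.
            throw new BadCredentialsException(BAD_CREDENTIALS, e);
        }
        if (user == null) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }

        if (!passwordEncoder.isPasswordValid(encryptedPassword, rawPassword, saltField)) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }

        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
        // NOTE(review): this puts the stored password hash into the token's credentials.
        // Passing the presented credentials or null would avoid carrying the hash around;
        // confirm what downstream code expects before changing it.
        return new UsernamePasswordAuthenticationToken(user, user.getPassword(), authorities);
    }

    /**
     * Limits this provider to username/password tokens; other token types (remember-me, for
     * example) are left to the providers written for them.
     *
     * @param arg0 the authentication token class being offered
     * @return {@code true} only for {@code UsernamePasswordAuthenticationToken} and subclasses
     */
    @Override
    public boolean supports(Class<?> arg0) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(arg0);
    }
}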
7) Configure remember me filter for changing cookie name
<!-- Token-based remember-me services: first constructor argument is the remember-me key,
     second is the user details service (userDao); cookieName renames the cookie to _SRM.
     NOTE(review): the key is the secret that protects the remember-me cookie and has to match
     the key of rememberMeAuthenticationProvider. Do not reuse the sample value printed on this
     page; generate your own and load it from externalised configuration.
     NOTE(review): consider also setting the useSecureCookie property so the cookie is only
     sent over HTTPS; confirm against the Spring Security version in use. -->
<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:constructor-arg value="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
<beans:constructor-arg ref="userDao"/>
<beans:property name="cookieName" value="_SRM"/>
</beans:bean>
<!-- Remember-me filter wired to authenticationManager and rememberMeServices.
     NOTE(review): declaring the bean does not by itself place it in the security filter chain;
     the page does not show where the filter is registered, so confirm that it is. -->
<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:constructor-arg ref="authenticationManager"/>
<beans:constructor-arg ref="rememberMeServices"/>
</beans:bean>
Refer to the documentation for more information: spring-security-document
<!-- Password encoder referenced by the password-encoder element of the authentication manager.
     NOTE(review): MD5 is a fast general-purpose digest and is not suitable for storing
     passwords; this legacy encoder class was removed in Spring Security 5. Prefer an adaptive
     hash such as org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder, which
     generates its own random salt, so no salt-source is configured alongside it.
     NOTE(review): this snippet uses an unprefixed bean element while the others use the
     beans: prefix; use whichever matches the default namespace of the configuration file. -->
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
2) configure salt source bean (optional)
<!-- Salts each password hash with the value of the user's "username" property.
     NOTE(review): a username is predictable and public, so it only prevents two accounts with
     the same password from sharing a hash; it is not a random per-user salt. Encoders that
     embed a random salt in the stored hash (bcrypt, for example) make this bean unnecessary. -->
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource"
p:userPropertyToUse="username"/>
3) Configure rememberme bean
<!-- Provider that accepts remember-me authentication tokens. The constructor argument is the
     remember-me key and has to be the same value that is given to the rememberMeServices bean.
     NOTE(review): the key is a secret. Do not reuse the sample value printed on this page;
     generate your own and load it from externalised configuration (a property placeholder,
     for example) rather than committing it in the XML. -->
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:constructor-arg value="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
</beans:bean>
4) Configure authentication providers(list)
<!-- Authentication manager with three providers, consulted in the order listed:
     1. rememberMeAuthenticationProvider for remember-me tokens,
     2. a provider built from userDao with the configured password encoder and salt source,
     3. customAuthenticationProvider.
     NOTE(review): providers 2 and 3 both check a username and password against userDao, so a
     login rejected by one is retried by the other; confirm both are really needed. -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="rememberMeAuthenticationProvider">
</authentication-provider>
<authentication-provider user-service-ref="userDao">
<password-encoder ref="passwordEncoder" >
<salt-source ref="saltSource" />
</password-encoder>
</authentication-provider>
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
5) Create a class that implements the UserDao interface and the loadUserByUsername method
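/**
 * Hibernate-backed DAO that also acts as the Spring Security {@code UserDetailsService}
 * registered under the bean name {@code userDao}.
 */
@Repository("userDao")
public class UserDaoHibernate extends GenericDaoHibernate<User, Long>
        implements UserDao, org.springframework.security.core.userdetails.UserDetailsService {

    /**
     * Loads the account that belongs to {@code username}.
     *
     * <p>The {@code UserDetailsService} contract is to throw {@link UsernameNotFoundException}
     * when no account matches, not to return {@code null}.
     *
     * @param username the login name presented by the caller
     * @return the matching account
     * @throws UsernameNotFoundException if no account matches {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // The page leaves the Hibernate lookup out. Until it is filled in, fail closed so that
        // an unfinished DAO can never report an account as found.
        throw new UsernameNotFoundException("User lookup is not implemented");
    }
}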
6) Create custom authentication provider
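/**
 * Username/password {@link AuthenticationProvider} that loads the account from {@code userDao}
 * and checks the presented password with {@code passwordEncoder}.
 *
 * <p>NOTE(review): the page does not show where {@code userDao}, {@code passwordEncoder},
 * {@code encryptedPassword} and {@code saltField} are declared. Presumably the first two are
 * injected beans and the last two are the stored hash and salt of the loaded user; confirm
 * before using this class.
 */
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    /**
     * Single failure message for every rejection, so the response does not reveal whether the
     * username exists.
     */
    private static final String BAD_CREDENTIALS = "Bad credentials";

    /**
     * Authenticates a username/password request.
     *
     * @param authentication the request; its name is the username and its credentials the
     *     raw password
     * @return an authenticated token carrying the loaded user and its authorities
     * @throws AuthenticationException (a {@code BadCredentialsException}) if the user is
     *     unknown, the credentials are not a string, or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        String username = authentication.getName();

        // Reject missing or non-string credentials explicitly instead of failing on the cast.
        Object credentials = authentication.getCredentials();
        if (!(credentials instanceof String)) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }
        String rawPassword = (String) credentials;

        User user;
        try {
            user = (User) userDao.loadUserByUsername(username);
        } catch (UsernameNotFoundException e) {
            // A UserDetailsService signals an unknown user by throwing; map it to the same
            // failure as a wrong password.
            throw new BadCredentialsException(BAD_CREDENTIALS, e);
        }
        if (user == null) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }

        if (!passwordEncoder.isPasswordValid(encryptedPassword, rawPassword, saltField)) {
            throw new BadCredentialsException(BAD_CREDENTIALS);
        }

        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
        // NOTE(review): this puts the stored password hash into the token's credentials.
        // Passing the presented credentials or null would avoid carrying the hash around;
        // confirm what downstream code expects before changing it.
        return new UsernamePasswordAuthenticationToken(user, user.getPassword(), authorities);
    }

    /**
     * Limits this provider to username/password tokens; other token types (remember-me, for
     * example) are left to the providers written for them.
     *
     * @param arg0 the authentication token class being offered
     * @return {@code true} only for {@code UsernamePasswordAuthenticationToken} and subclasses
     */
    @Override
    public boolean supports(Class<?> arg0) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(arg0);
    }
}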
7) Configure remember me filter for changing cookie name
<!-- Token-based remember-me services: first constructor argument is the remember-me key,
     second is the user details service (userDao); cookieName renames the cookie to _SRM.
     NOTE(review): the key is the secret that protects the remember-me cookie and has to match
     the key of rememberMeAuthenticationProvider. Do not reuse the sample value printed on this
     page; generate your own and load it from externalised configuration.
     NOTE(review): consider also setting the useSecureCookie property so the cookie is only
     sent over HTTPS; confirm against the Spring Security version in use. -->
<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:constructor-arg value="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
<beans:constructor-arg ref="userDao"/>
<beans:property name="cookieName" value="_SRM"/>
</beans:bean>
<!-- Remember-me filter wired to authenticationManager and rememberMeServices.
     NOTE(review): declaring the bean does not by itself place it in the security filter chain;
     the page does not show where the filter is registered, so confirm that it is. -->
<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:constructor-arg ref="authenticationManager"/>
<beans:constructor-arg ref="rememberMeServices"/>
</beans:bean>
Refer to the documentation for more information: spring-security-document