Spring Security Struts 1.3 integration without extending GrandAuthority and UserDetails

417 views Asked by At

I am new to spring security and wanted to integrate it into existing Struts 1.3 webapp.

I successfully followed this tutorial and it works great when it is that simple.

However in the tutorial user is hardcoded into security.xml:

<authentication-manager>
<authentication-provider>
    <password-encoder hash="md5"/>
    <user-service>
        <user name="admin" password="21232f297a57a5a743894a0e4a801fc3" authorities="ROLE_ADMIN"/>
    </user-service>
</authentication-provider>
</authentication-manager>

If I understand correctly to enable custom authentication I need to implement my CustomAuthenticationProvider that extends AuthenticationProvider interface, which has an authenticate method.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    ...
    Collection<? extends GrantedAuthority> authorities = user.getAuthorities();

    return new UsernamePasswordAuthenticationToken(user, password, authorities);
}

However UsernamePasswordAuthenticationToken accepts Collection in its constructor and in our model entities do not extend spring security interaces, such as UserDetails and GrantedAuthority.

So is there a way to authenticate user without extending spring security interfaces in my entities?

EDIT:

I have added customUserDetailService:

<http auto-config="true" use-expressions="true">
        <intercept-url pattern="/login.do" access="isAnonymous()"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/j_spring_security_check" access="permitAll"/>
        <form-login login-page="/login.do"
                    authentication-failure-url="/login.do?login_error=1"
                    default-target-url="/index.do"/>
        <logout invalidate-session="true"
                logout-url="/logout.do"
                logout-success-url="/"/>
        <csrf />
        <remember-me />
        <access-denied-handler error-page="/denied"/>
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserDetailService" />
    </authentication-manager>
    <beans:bean id="customUserDetailService" class="com.demo.service.CustomUserDetailsService"/>

However loadUserByUsername() method is not invoked...

0

There are 0 answers