Custom authentication in Spring

Question

I have a question. In Struts, I have an Action that deals with user authentication, i.e., I took the user\'s credentials and used a DAO to validate user credentials. I want to m

Answer 1

Usually Spring Security handles authentication inside its own code, using your code as strategies (authentication providers, user details services, etc). But you can handle authentication inside your own code.

In your action's code, when user credentials are correct, you will:

• Create an Authentication containing user name and granted roles (you may use UsernamePasswordAuthenticationToken as a convenient implementation).
• Put it into security context:
  SecurityContextHolder.getContext().setAuthentication(auth);
• Broadcast the authentication success event using AuthenticationEventPublisher.publishAuthenticationSuccess(...) (you may autowire it from the context or create a DefaultAuthenticationEventPublisher explicitly).
• Redirect user to the secured resource using SavedRequestAwareAuthenticationSuccessHandler.onAuthenticationSuccess(...).

Also you need to supply an AuthenticationEntryPoint:

     
     



    ...

However, if you are actually new in Spring, it may be better to avoid such a massive customizations and use the regular Spring Security architecture.