Spring security authentication based on request parameter

Question

The application I\'m working on already has Spring Security to handle form based authentication. Now the requirement is to login a user programmatically via an external serv

Answer 1

If you use Spring MVC controller or service, where targe request parameter is passed, then you can use @PreAuthorize Spring security annotation.

Say, you have some Spring service that can check passed token and perform authentication if passed token is valid one:

@Service("authenticator")
class Authenticator {        
...
public boolean checkTokenAndAuthenticate(Object token) {
    ...
    //check token and if it is invalid return "false"
    ...
    //if token is valid then perform programmatically authentication and return "true"  
}
...             
}    

Then, with Spring security @PreAuthorize annotation you can do this it next way:

...
@PreAuthorize("@authenticator.checkTokenAndAuthenticate(#token)")
public Object methodToBeChecked(Object token) { ... }
...

Also, you should enable Spring security annotations by and add spring-security-aspects to POM (or jar to classpath).