Creating a custom authentication with Acegi/Spring Security

Question

I\'m having trouble discovering exactly what I need to implement in order to use a custom authentication method with my web application using Spring Security. I have a Grail

Answer 1

1. Implement a custom AuthenticationProvider which gets all your authentication information from the Authentication: getCredentials(), getDetails(), and getPrincipal().

   Tie it into your Spring Security authentication mechanism using the following configuration snippet:

2. This step is optional, if you can find a suitable one from standard implementations. If not, implement a class extending the Authentication interface on which you can put your authentication parameters:

   (e.g. a user identifier, timestamp, signature, etc.)
   

3. Extend a custom SpringSecurityFilter which ties the above two classes together. For example, the Filter might get the AuthenticationManager and call authenticate() using your implementation of Authentication as input.

   You can extend AbstractAuthenticationProcessingFilter as a start.

   You can reference UsernamePasswordAuthenticationFilter which extends AbstractAuthenticationProcessingFilter. UsernamePasswordAuthenticationFilter implements the standard Username/Password Authentication.

4. Configure your Spring Security to add or replace the standard AUTHENTICATION_PROCESSING_FILTER. For Spring Security Filter orders, see http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#filter-stack

   Here is a configuration snippet for how to replace it with your implementation: