0
votes

I have a Spring Boot enabled application whose login is controlled by a third-party SiteMinder application. After successful authentication, SiteMinder redirects to our application URL. We fetch the HttpRequest from SiteMinder and process the requests.

Now, how can Spring Security be enabled in this case for authorizing users based on roles?

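@Controller
public class LoginController {

    // Receives the request that SiteMinder forwards after a successful login
    @RequestMapping(value = "/")
    public void requestProcessor(HttpServletRequest request) {
        // ... (processing elided in the original post)
    }
}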

The above controller's request mapper reads the request coming from SiteMinder and processes the request, which has the role of the logged-in user. Where can we have Spring Security enabled to authorize pages and service methods for the user?

3 Answers

0
votes

Spring Security processes the request before it gets to your controller, in a filter configured in the Spring Security configuration. There is documentation on how to configure Spring Security with SiteMinder.

The rules in your configuration will define the access to resources.

0
votes

This is a scenario for the PreAuthenticated security classes:

Take a look here:

http://docs.spring.io/spring-security/site/docs/current/reference/html/preauth.html
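
The pre-authentication setup the answers above point to, as an added example (not code from the original posts): it assumes Spring Security 6, that SiteMinder puts the user name in `SM_USER`, and that the roles arrive comma-separated in a hypothetical `SM_ROLE` header. The class name, the `/admin/**` path and the `ADMIN` role are placeholders.

```java
import java.util.Arrays;
import java.util.List;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.*;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // lets service methods use @PreAuthorize("hasRole('ADMIN')")
public class SiteMinderSecurityConfig {
    // Assumption: name of the header carrying the roles; the page does not name it.
    static final String ROLE_HEADER = "SM_ROLE";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // No password check here: SiteMinder has already authenticated the user.
        var provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(
                new PreAuthenticatedGrantedAuthoritiesUserDetailsService());
        var filter = new RequestHeaderAuthenticationFilter();
        filter.setPrincipalRequestHeader("SM_USER"); // the filter's default header name
        filter.setExceptionIfHeaderMissing(true);    // fail closed when the header is absent
        filter.setAuthenticationManager(new ProviderManager(provider));
        // Carry the roles in the authentication details; the provider turns them into authorities.
        filter.setAuthenticationDetailsSource(request ->
                new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(request, rolesFrom(request)));
        http.addFilter(filter)
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN") // placeholder rule
                .anyRequest().authenticated());
        return http.build();
    }

    static List<SimpleGrantedAuthority> rolesFrom(HttpServletRequest request) {
        String header = request.getHeader(ROLE_HEADER);
        if (header == null) return List.of(); // authenticated, but holds no role
        return Arrays.stream(header.split(","))
                .map(String::trim).filter(role -> !role.isEmpty())
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .toList();
    }
}
```

Header-based pre-authentication is only sound when the application is reachable solely through the SiteMinder agent, which must overwrite any client-supplied `SM_*` headers.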

-1
votes

It depends on what you get in the session. If you can somehow take the user and password from the session, you can authenticate the user directly from code as:

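import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@Autowired
AuthenticationManager authenticationManager;
// ...

// "logger" is assumed to be a logger field of the enclosing class
public boolean autoLogin(String username, String password) {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
    // authenticate() throws an AuthenticationException when the credentials are rejected
    Authentication auth = authenticationManager.authenticate(token);

    if (auth.isAuthenticated()) {
        logger.debug("Succeed to auth user: " + username);
        // Store the result so the rest of the request runs as this user
        SecurityContextHolder.getContext().setAuthentication(auth);
        return true;
    }

    return false;
}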