Restlet ,Guard, Spring Security 3.0, and HTTP BASIC AUTHENTICATION o my!
Not sure what happen to this guy eshepelyuk and the project
restlet-spring-security
But I needed a clean way to integrate Spring Security 3.0.x into a Restlet Application I've been working on..
I updated the code(ServiceSpringSecurityGuard.java)
to work with Spring 3.0.x so here it is:
package org.restlet.ext.spring.security; import org.restlet.Guard; import org.restlet.data.ChallengeScheme; import org.restlet.data.Request; import org.springframework.beans.BeansException; import org.springframework.beans.factory.InitializingBean; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.config.BeanIds; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.util.Assert; public class ServiceSpringSecurityGuard extends Guard implements ApplicationContextAware, InitializingBean { private AuthenticationManager authentificationManager; private ApplicationContext applicationContext; public ServiceSpringSecurityGuard() { super(null, ChallengeScheme.HTTP_BASIC, "Spring Security"); } public AuthenticationManager getAuthentificationManager() { return authentificationManager; } public void setAuthentificationManager(AuthenticationManager authentificationManager) { this.authentificationManager = authentificationManager; } // private AccessDecisionManager accessDecisionManager; // public AccessDecisionManager getAccessDecisionManager() { // return accessDecisionManager; // } // // public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) { // this.accessDecisionManager = accessDecisionManager; // } public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { this.applicationContext = applicationContext; } public void afterPropertiesSet() throws Exception { Assert.notNull(this.applicationContext, "applicationContext is null"); // if (null == accessDecisionManager) { // setAccessDecisionManager((AccessDecisionManager) applicationContext.getBean(BeanIds.ACCESS_MANAGER)); // } if (null == authentificationManager) { setAuthentificationManager((AuthenticationManager) applicationContext.getBean(BeanIds.AUTHENTICATION_MANAGER)); } Assert.notNull(this.authentificationManager, "authentificationManager should be specified"); // Assert.notNull(this.accessDecisionManager, "accessDecisionManager should be specified"); } @SuppressWarnings("unused") public boolean checkSecret(Request request, String identifier, char[] secret) { try { Authentication auth = authentificationManager.authenticate(new UsernamePasswordAuthenticationToken(identifier, new String(secret))); if (auth.isAuthenticated()) { SecurityContextHolder.getContext().setAuthentication(auth); } return auth.isAuthenticated(); } catch (AuthenticationException e) { SecurityContextHolder.getContext().setAuthentication(null); return false; } } }
Labels: and HTTP BASIC AUTHENTICATION, Guard, Restlet, Spring Security 3.0