Someone could help me in an access through Spring Security, I require that the authentication (Login) be done through a stored procedure (SP), which returns a character 'V' or 'F' as the case may be.
How do I tell Spring Security which interpreter the return of the SP in accessing the user roles and convent that interpretation in a Spring session?
Most of the examples implement an access similar to the following:
<security:intercept-url pattern="/index" access="hasRole('ROLE_ADMIN')" />
Authentication in Spring Security is done through an AuthenticationProvider, which processes an authentication request by returning an object with its credentials. I'll give you an example:
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
String user = authentication.getName();
String password = authentication.getCredentials().toString();
Set<GrantedAuthority> grantedAuths = new HashSet<>();
// autentica con tu procedimiento PLSQL a traves de un DAO o lo que sea
if (callPlSqlDao()=="V") {
//Aqui le das los roles que correspondan
grantedAuths .add(new SimpleGrantedAuthority("ROLE_USER"));
return new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
} else {
throw new AuthenticationException("No ha sido posible la autenticacion");
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
private String callPlSqlDAO() {
....
}
}
This should then be configured in the xml or in the corresponding configuration class, for example:
<http use-expressions="true">
<intercept-url pattern="/user/**" access="isAuthenticated()"/>
<http-basic/>
</http>
<authentication-manager>
<authentication-provider ref="MyAuthenticationProvider" />
</authentication-manager>
I hope it helps you