Home/ Questions/Q 7048177
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T02:51:37+00:00

I’m trying to make a simple username/password authentication in a Spring Security web app.

  • 0

I’m trying to make a simple username/password authentication in a Spring Security web app. I have a web service that authenticates by passing in a user name/password, and gets back a role. Then I need to retain the password for future web service calls.

My app was initially created with App Fuse, so it had some JDBC-based authentication. I’ve ripped that out, but I’m not sure how to add my custom authentication in.

The documentation says that it’s “simple” to add in such a mechanism. But the example app is a command line hello-world style program, not a web app. I can’t seem to find an example of username/password authentication in a web app.

I’ve got the following in my XML file:

<beans:bean id="myProvider" class="com.example.MyProvider"></beans:bean>

<authentication-manager>
    <authentication-provider ref="myProvider"></authentication-provider>
</authentication-manager>

I don’t know if this is the right place to put my authentication in, and I’m not sure what interface to implement. I think I might need to implement AuthenticationManager. And I might use UsernamePasswordAuthenticationToken.

How do I wire this all together?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve got it working now. Thank you everyone for the help. I had to add a new Authentication Provider, and wire it into the Authentication Manager. Here’s what I ended up adding:

    <beans:bean id="authenticationManager"
     class="org.springframework.security.authentication.ProviderManager">

  <beans:property name="providers">
    <beans:list>
      <beans:ref local="myAuthenticationProvider"/>
    </beans:list>
  </beans:property>
</beans:bean>

<beans:bean id="myAuthenticationProvider" class="com.example.MyAuthenticationProvider">
</beans:bean>

<authentication-manager>
    <authentication-provider ref="myAuthenticationProvider"/>
</authentication-manager>

    and MyAuthenticationProvider (taken from the example) is:

    public class AConnexAuthenticationProvider implements AuthenticationProvider {

    static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();

    static {
      AUTHORITIES.add(new GrantedAuthorityImpl("ROLE_USER"));
    }

    @Override
    public Authentication authenticate(Authentication auth)
            throws AuthenticationException {
        return new UsernamePasswordAuthenticationToken(auth.getName(), auth.getCredentials(), AUTHORITIES);
    }

    @Override
    public boolean supports(Class<? extends Object> paramClass) {
        return true;
    }
}

    I’ll add actual verification of username/password later; this one just lets anyone in.

    • 0