We are using Spring 3 framework and we have a SSO (Single sign on) provider which redirects to our app passing special tokens in the request to indicate the user is authenticated.

I would like to use Spring security to handle stuff like denying access to pages unless the user is authenticated, but I’d also like to be able to bypass this on my local machine while developing the application.

So in the production scenario, I expect the SSO to redirect to our app, specifically to a “/login.html” target which is supposed to somehow trigger a custom class I write to pull the expected login info from request and load up the user’s info from our database and put it in session for the rest of the app to use.

Then in the development scenario I need to bypass SSO by just being able to create a session using a custom login page and then load the user’s info from database just as above.

I am trying to figure out how to do it myself but I can’t seem to wrap my head around all of it.

Any info on how to accomplish this even just high level kind of road map would be a huge help