I'm creating a spring mvc (spring 4) with spring security 3.2. I have a login page which works fine, with custom UserDetailsService. I want to add on website a new functionality, adding some demands. When someone add a demand, he will receive an email with a button through he can manage this demand, including the creation of a session for the website. I want to create him an account.. and give him authetincation from this button's url which will be handled by a controller. How should i do that? create an account with some hardcoded password? and how about the authentication provider? User with demand couldn't login through normal login page.
In database that type of accounts will have a different status than the normal accounts. Hope you understand what i need...
You can try creating a common user for all such use cases (called guest or similar). If you have validated a user using the trusted url which they have provided, you can query the database using the hard coded username (guest), and get the authentication details like passoword, roles etc. Then you can programatically authenticate the user. In such a way, user only has to provide you a url, and your code can fetch a real authentication detail from the db.
For the authentication part, you may refer to the below link.
stackoverflow.com/a/15119876/3981536
Related
I am developing an case management application.I have created login page and landing page other pages as well.
i have used the spring mvc 4,oracle database.
A used logged into the application and then went to admin page.copy the admin page url ,logout from the application.when the user directly copy and paste the admin page url into another user user he is able to open that page.how can i restrict the user. when user perform any crud operation how can validate user's credentials every time.
Please suggest.
If you are using Spring framework, the best practice case you can implement is to integrate Spring Security.
Regarding the session handling within your system, you might use JWT tokens which allows you to control the user flow easily. You can read this complete tutorial.
I want to create one authentication link, like account.envato.com and multiple applications will be automatically authenticated by same username and password. How can I implement this?
I'm writing web app using JSF2 and primefaces with Glassfish 3.1.2. I want to start with login/logout mechanism but i'm not sure about solution.
What I want to achieve:
Three main goals:
web application in JSF 2.1
this application will use many databases (but every db will have the same user, password and "security table" with application login and password). So user during authentication must give database name, user and password.
I want to be able to logout and login on different user without closing browser.
What authentication method will be the best in that case ? I cannot just create a new Realm with database name because it is not const in my situation.
I thought about web-services, which will take db_name, app_login and app_password as parameters and return whether it is ok or not.. And then create a simple managed bean, which will tell me whether user is logged. But i want to totally separate login logic from other stuff.. and I want to check whether user is logged before I view every page in application.
Thanks for your tips,
Regards
I don't know if you already have taken a look at the Seam Security functionalities, but I think it may fit your needs considering the Identity Manager:
http://docs.jboss.com/seam/2.1.1.GA/reference/en-US/html/security.html#d0e8804
I'm new to Spring Roo and would like to know how to implement user authentication and authorization. I followed the tutorial and focused on Spring Security but it doesn't really do what I want. I'd like to present the user with a login page where they enter their email and password. The email and password will then be compared to a 'User' table in MySQL and if it exists, present the user with a different user interface depending on the 'role' attribute in the table (e.g, a doctor user has a different user interface and a patient user has a different interface). What would be the proper steps to doing this?
I can connect to MySQL fine, I'm just not sure how to go about creating the login page and creating some kind of active session.
Chapter 8 in this book (highly recommended!) goes into some detail how to set up spring security using a database in spring roo. Reading that chapter will also show you how to customize the UI based on the role. Alternatively, this blog gives some pointers in setting up a database for credentials with roo.
If you want more than just customizing the UI based on the role, for example, if you want to redirect users based on their role to different parts of the site after login, then this link presents two options.
I'm developing some site with openid auth.
For openid auth I use standarts spring security filter and provider:
org.springframework.security.openid.OpenIDAuthenticationFilter,
org.springframework.security.openid.OpenIDAuthenticationProvider
And for create user I use my custom UserDetailsService.
So question is where's the best place (filter, provider, detailsService) to save user email got from OpenIDAttribute?
Typically its the UserDetailsService where you construct your domain objects i.e. load/generate a "User" object based on the information passed from OpenId/SAML etc. I guess you're trying to implement some sort of on the fly provisioning in which a user signs in with his OpenId credentials and you look for an existing local account and if you cant find one you generate one?