Acegi Security in one hour

A concise guide to securing your Java Web applications

Page 7 of 7

Custom authentication integration with Acegi Security

Another customization scenario involves integrating Acegi Security with an existing proprietary authentication implementation. For instance, the hypothetical XYZ enterprise is already using a proprietary LDAP (Lightweight Directory Access Protocol)-based authentication solution. Because the enterprise uses this authentication mechanism across all Java EE applications, its IT team might not want to use an altogether new authentication mechanism for a new application. In a case like this, the existing authentication implementation can be integrated with Acegi.

To implement authentication functionality, you need to create a new AuthenticationProvider and implement its authenticate() method. There you can pass the user credentials to the external service or component that authenticates the user. Listing 22 shows the AuthenticationProvider implementation.

Listing 22. Custom AuthenticationProvider implementation

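public class XYZAuthenticationProvider implements
    AuthenticationProvider, InitializingBean, MessageSourceAware {
  public Authentication authenticate(Authentication authentication)
      throws AuthenticationException {
    // Delegate the credential check to the existing proprietary service.
    XYZSecurityService eiService = new ABCSecurityServiceImpl();
    LDAPResponse ldap = null;
    try {
      ldap = eiService.authenticateUser(authentication.getPrincipal()
          .toString(), authentication.getCredentials().toString());
    } catch (AppException e) {
      // Fail closed: any service error rejects the login attempt.
      throw new BadCredentialsException(
          "Exception occurred while executing security service", e);
    }
    // The listing does not show how user is built; createUserDetails() is a
    // hypothetical helper that maps the LDAP response to a UserDetails.
    UserDetails user = createUserDetails(ldap);
    UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
        user, authentication.getCredentials(), user.getAuthorities());
    return result;
  }

  // Only username/password tokens are handled by this provider.
  public boolean supports(Class authentication) {
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
  }
  public void afterPropertiesSet() throws Exception { }
  public void setMessageSource(MessageSource messageSource) { }
}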

The authenticate() method in Listing 22 calls an existing authentication service -- XYZSecurityService -- that authenticates user credentials. You need to modify the bean definition in Listing 8 to accommodate the custom AuthenticationProvider implementation. Simply replace the second line with:

<bean id="daoAuthenticationProvider" class="">
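The following added example (not code from the original article or from the Acegi project) shows checks a provider that delegates to an LDAP-backed service should make before and after the call. DirectoryService and DelegatingAuthenticationProvider are hypothetical names, and the service is assumed to return role names or null on rejection.

```java
import org.acegisecurity.*;
import org.acegisecurity.providers.AuthenticationProvider;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

public class DelegatingAuthenticationProvider implements AuthenticationProvider {
    /** Hypothetical stand-in for the enterprise's existing service (assumption). */
    public interface DirectoryService {
        /** Returns the user's role names, or null if the credentials are rejected. */
        String[] authenticate(String username, String password) throws Exception;
    }

    private final DirectoryService directory;

    public DelegatingAuthenticationProvider(DirectoryService directory) {
        this.directory = directory;
    }

    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String username = auth.getName();
        Object credentials = auth.getCredentials();
        // Reject blank values locally: an LDAP simple bind with an empty password
        // can succeed as an unauthenticated bind (RFC 4513) on some servers.
        if (username == null || username.length() == 0
                || credentials == null || credentials.toString().length() == 0) {
            throw new BadCredentialsException("Empty username or password");
        }
        String[] roles;
        try {
            roles = directory.authenticate(username, credentials.toString());
        } catch (Exception e) {
            // A backend outage is not a wrong password; both still deny access.
            throw new AuthenticationServiceException("Directory service unavailable", e);
        }
        if (roles == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
        for (int i = 0; i < roles.length; i++) {
            authorities[i] = new GrantedAuthorityImpl(roles[i]);
        }
        // The three-argument constructor marks the token as authenticated.
        return new UsernamePasswordAuthenticationToken(username, credentials, authorities);
    }

    public boolean supports(Class authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```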

In conclusion

In this article I've shown you how to configure Acegi Security in about one hour, giving you a basic infrastructure that's ready to work. You've also seen some ways you can customize it further, including using a database instead of a property file for getting user credentials. Similarly, you could build on this article's foundation to add functionality such as "remember me", Secure Sockets Layer (SSL) integration, or an LDAP-based implementation. The application source code is also set up to use Struts 2, rather than JSP, for presentation.

See the Resources section to learn more about Acegi Security and other technologies discussed in this article.

ShriKant Vashishtha currently works as a Principal Consultant for Xebia IT Architects India Private Limited. He has more than nine years of experience in the IT industry and is involved in designing technical architectures for various large-scale Java EE-based projects for the banking and retail domains. ShriKant holds a bachelor's degree in engineering from the Motilal Nehru National Institute of Technology in Allahabad, India.
