Can't answer the question directly, but a 'helpful hint' from the Identity Management sector: Not all authentication systems have the same trust value - It is a serious breach of good security design to treat them equally. I hope this helps with your design...
Well, it does add a philosophical dimension to my question :D I don't see the point of this answer though – Salvin Francis Nov 9 '09 at 9:39
I was just suggesting something to look out for. Sorry if it doesn't apply to you. – caving Nov 19 '09 at 12:00
There are probably several ways to do this. There is some functionality that does something very similar, namely Pre-authentication. It's a good example of a way that you can add a custom filter that authenticates the user, after which the rest of the framework should take over.
What an AuthenticationProvider does is examine the Authentication object that is loaded into the session by a previous filter. You can register as many authentication providers as you want with the authentication manager (which simply runs the Authentication object through all of them), but you have to manage to get some filter in there that will handle your authentication scheme and populate the Authentication object. If you want this filter to also interact with the user (i.e. show a login form or something) it might interfere with other filters. In that case you can use separate filter chains, but this doesn't sound like it would be necessary in your case.
I read about PreAuthentication, I think you are mistaken with my question, I wanted to allow users to login in 3 different ways: username/password, Open Id, SSO. – Salvin Francis Nov 9 '09 at 9:40
I do appreciate the extra information about authentication managers, that info has cleared a few of my basics, I am unsure about what you meant with regards to filter chains. – Salvin Francis Nov 9 '09 at 12:35
Sorry, I figured your login scheme was too different from the rest to be able to fit it in nicely there. As for filter chains, basically there is one chain of spring security filters that all requests go through, but if necessary you can set up two or more, filtering on different URLs. That way you can use completely different filters/authentication mechanisms, but it gets a bit complicated. – wds Nov 9 '09 at 21:05
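An added example, not code from any of the posts above: one ProviderManager holding two AuthenticationProviders, each claiming its own token type through supports(), and each stamping a marker authority so that access rules can tell a password login from an SSO login instead of treating them as equally trusted. It assumes a recent Spring Security core on the classpath; SsoToken, PasswordProvider, SsoProvider, the AUTH_* markers and the credential values are hypothetical and constructed for the demo.

```java
import java.util.Arrays;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Added example. SsoToken, PasswordProvider, SsoProvider, the AUTH_* markers
// and all credential values are hypothetical and constructed for the demo.
public class MultiProviderDemo {

    // Token a custom SSO filter would build and hand to the manager.
    static class SsoToken extends AbstractAuthenticationToken {
        private final String user, ticket;
        SsoToken(String user, String ticket) { super(null); this.user = user; this.ticket = ticket; }
        @Override public Object getPrincipal() { return user; }
        @Override public Object getCredentials() { return ticket; }
    }

    // Claims only form-login tokens; marks the result as password-authenticated.
    static class PasswordProvider implements AuthenticationProvider {
        @Override public boolean supports(Class<?> t) { return UsernamePasswordAuthenticationToken.class.isAssignableFrom(t); }
        @Override public Authentication authenticate(Authentication a) {
            if (!"alice".equals(a.getName()) || !"constructed-pw".equals(a.getCredentials()))
                throw new BadCredentialsException("bad username/password");
            return new UsernamePasswordAuthenticationToken(a.getName(), null,
                    AuthorityUtils.createAuthorityList("ROLE_USER", "AUTH_PASSWORD"));
        }
    }

    // Claims only SsoToken; a real provider would validate the ticket with the IdP.
    static class SsoProvider implements AuthenticationProvider {
        @Override public boolean supports(Class<?> t) { return SsoToken.class.isAssignableFrom(t); }
        @Override public Authentication authenticate(Authentication a) {
            if (!"constructed-ticket".equals(a.getCredentials()))
                throw new BadCredentialsException("ticket rejected");
            return new UsernamePasswordAuthenticationToken(a.getName(), null,
                    AuthorityUtils.createAuthorityList("ROLE_USER", "AUTH_SSO"));
        }
    }

    public static void main(String[] args) {
        AuthenticationManager manager = new ProviderManager(
                Arrays.asList(new PasswordProvider(), new SsoProvider()));
        Authentication form = manager.authenticate(
                new UsernamePasswordAuthenticationToken("alice", "constructed-pw"));
        Authentication sso = manager.authenticate(new SsoToken("alice", "constructed-ticket"));
        System.out.println("form login -> " + form.getAuthorities());
        System.out.println("sso login  -> " + sso.getAuthorities());
    }
}
```

A token type that no registered provider claims makes ProviderManager throw ProviderNotFoundException, so each custom filter has to emit a token that at least one provider supports.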
Okay, here is the solution: Hope this helps someone in need...
Just as I used the "after", I also used "before" to add another SSO! Please note that CAS has nothing to do with my system. – Salvin Francis Nov 9 '09 at 9:45.