The Spring Security module supports by default some standard ways to retrieve user information for authentication from databases, LDAP or other commonly used storages. But unfortunately the Spring documentation does not say much about creating connections to custom data sources. There are actually several different ways to do it.
But let’s say we have a Spring MVC application with a login form which contains a user name and password field, but the application does not use any of the supported methods to store the user data. How can we authenticate the user anyway?
The easiest way in my opinion is to create a new authentication provider. So we simply need to implement the AuthenticationProvider interface.
The authenticate() function of the class must return an UsernamePasswordAuthenticationToken instance if the authentication is successful or null otherwise. You can choose another token, simple check the classes implementing AbstractAuthenticationToken. But for our scenario…
View original post 77 more words