Czar

Reputation: 1713

Spring Security X.509 authentication without user-service

I'm using Spring Security (v3.1.3) for X.509 authentication in my web application. Users and roles are stored in the database, but I don't actually need to do that, as the CNs of the client certificates conform to a "[ROLE] - [USERNAME]" schema, which means I already have the username and role from the certificate itself. So how can I eliminate the database without too much effort? Should I write my own implementation of user-service, which will populate UserDetails, or is there a more graceful method?

Upvotes: 5

Views: 3720

Answers (1)

Shaun the Sheep

Reputation: 22762

Yes, the simplest option is probably to write a custom AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>. The implementation would be something like this:

UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
    X509Certificate certificate = (X509Certificate) token.getCredentials();

    // Extract what you want from the certificate
    ...

    // Create the user information
    UserDetails user = ...

    return user;
}

You should be able to use a reference to this bean directly in the user-service-ref namespace attribute <x509 user-service-ref='yourUserServiceBean' />.

Upvotes: 6
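
A fuller version of the service sketched in the answer above, as an added example that is not part of the original answer or of Spring Security itself. It assumes Spring Security 3.1 on the classpath and a CN such as "ADMIN - jsmith"; the class name, the CN pattern and the role names ADMIN and USER are hypothetical. Because the role is read straight from the certificate, the CN is matched strictly and anything outside the expected roles is rejected.

```java
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

// Hypothetical class name; builds UserDetails from the client certificate alone.
public class CertificateCnUserDetailsService
        implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {

    // Assumed CN layout "ROLE - USERNAME" with an allow-list of roles (ADMIN, USER).
    // Adjust the pattern to the real schema; keep it anchored and restrictive.
    private static final Pattern CN_FORMAT =
            Pattern.compile("(ADMIN|USER) - ([A-Za-z0-9._-]+)");

    public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
        X509Certificate certificate = (X509Certificate) token.getCredentials();
        Matcher m = CN_FORMAT.matcher(commonName(certificate));
        if (!m.matches()) { // matches() requires the whole CN to fit the pattern
            throw new UsernameNotFoundException("Certificate CN does not match the expected schema");
        }
        // The password is unused for pre-authenticated users, but User rejects null.
        return new User(m.group(2), "N/A",
                AuthorityUtils.createAuthorityList("ROLE_" + m.group(1)));
    }

    // Parses the RFC 2253 subject DN, so escaped commas inside the CN are handled.
    static String commonName(X509Certificate certificate) {
        try {
            LdapName dn = new LdapName(certificate.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: treated the same as a missing CN.
        }
        throw new UsernameNotFoundException("Certificate subject has no usable CN");
    }
}
```

With no database lookup left, the only gate on who receives which role is the set of CAs trusted for client authentication, so that trust store should contain only the CA that issues these certificates.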
