Reputation: 16984
Using Spring Security to Validate User Credentials
I have an application that uses Spring Security LDAP for User authentication. What I'm trying to do is build a feature that requires the User to provide their password again for validation of credentials before performing an important process.
The user is already signed in, so I wouldn't want to kick the user out by killing their current session.
Upvotes: 2
Views: 236
Answers (2)
Reputation: 16984
I ended up creating a separate service and controller to make a simple LDAP auth and lookup. The service would login with the Spring config settings, then apply the username and supplied password and validate CN result.
Upvotes: 0
Reputation: 1101
This sounds like it could be a tricky requirement to fill. I have one somewhat outside the box solution that could meet the requirement:
- Create a sister Grails application that uses the same Grails/Spring Security/LDAP structure as your primary app.
- Expose a /verifyLdapCredentials Service in the sister application to accept the user's LDAP credentials
- Authenticate against LDAP
- Sends a success/failure response back to the primary application
- Unauthenticate from the sister application immediately to prepare for the next request
Upvotes: 1
Related Questions
- spring-security-core custom authentication in grails
- Grails Spring security for different form of authentication
- grails login verification
- grails spring security core
- grails spring security ui password validator
- Grails Spring Security - using other properties in authentication
- Grails Spring Security Sign up / Register User
- Grails spring Security add authentication method
- spring security in grails
- Custom authentication