Sanjeev

Reputation: 119

Spring Security - Preauthentication - Authorization and Set Roles Defined in DB

The authentication for our application happens through the SiteMinder agent, but the authorization is controlled through our application.

I am using org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter to check the header. I have also defined UserDetailsService to load the user details.

I also need to set the role for the user so that I can use spring security tag libraries and other spring methods to check the role and show the options.

How do I implement this?

I have tried the statements below in my user details service implementation, but it doesn't seem to work.

    Authentication auth = new UsernamePasswordAuthenticationToken(user, null, roles);
    SecurityContextHolder.getContext().setAuthentication(auth);

I have also read about the AbstractPreAuthenticatedProcessingFilter class, but it looks like this may not be useful for this purpose.

Any help on this issue will be very helpful.

Thanks!

Upvotes: 0

Views: 1501

Answers (1)

Sanjeev

Reputation: 119

I was trying to set the roles (using the statements in my question) in the UserDetailsService implementation and it was not working.

Solution-1: I have written a subclass of PreAuthenticatedAuthenticationProvider and overridden the authenticate method as below:

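    import java.util.HashSet;
    import java.util.Set;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;

    // User, Role and DBConfig are the application's own classes.
    // Role must implement GrantedAuthority for the token constructor below to compile.
    public class CustomPreAuthenticatedAuthenticationProvider extends PreAuthenticatedAuthenticationProvider {

        @Autowired
        DBConfig dbConfig;

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            // The parent loads the UserDetails for the pre-authenticated principal.
            Authentication auth = super.authenticate(authentication);
            if (auth == null) {
                // The parent returns null when it does not handle the token.
                return null;
            }

            User user = (User) auth.getPrincipal();

            // Map the user's access level to the roles defined in the database.
            Set<Role> roles = new HashSet<Role>();
            String[] rolesArray = dbConfig.getRoles(user.getAccessLevel());
            for (String role : rolesArray) {
                Role r = new Role();
                r.setName(role);
                roles.add(r);
            }
            user.setRoles(roles);

            // Return an authenticated token that carries the roles as authorities.
            return new UsernamePasswordAuthenticationToken(user, null, roles);
        }
    }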

Solution-2: I tried setting the roles in the controller (the home page after authentication) and it worked. But it looks like Solution-1 is a standard solution.

Upvotes: 1
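An alternative to subclassing the provider, as an added example that is not part of the original question or answer: the stock PreAuthenticatedAuthenticationProvider copies the authorities from the UserDetails it is given into the authenticated token, so the roles can be supplied by the user details service itself. The class name DbRolePreAuthUserDetailsService and the RoleLookup interface are hypothetical stand-ins for the application's own database access, and rejecting users with no role entry is an assumed policy.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

public class DbRolePreAuthUserDetailsService
        implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {

    /** Hypothetical lookup standing in for the application's role table. */
    public interface RoleLookup {
        /** Returns the role names for the user, or null if the user is unknown. */
        List<String> rolesFor(String username);
    }

    private final RoleLookup roleLookup;

    public DbRolePreAuthUserDetailsService(RoleLookup roleLookup) {
        this.roleLookup = roleLookup;
    }

    @Override
    public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token)
            throws UsernameNotFoundException {
        // With RequestHeaderAuthenticationFilter the principal is the header value.
        String username = token.getName();
        List<String> roleNames = roleLookup.rolesFor(username);
        if (roleNames == null) {
            // Assumed policy: a user with no entry in the role table is rejected.
            throw new UsernameNotFoundException("No role entry for " + username);
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roleNames) {
            // Role checks conventionally match on the ROLE_ prefix.
            String name = role.startsWith("ROLE_") ? role : "ROLE_" + role;
            authorities.add(new SimpleGrantedAuthority(name));
        }
        // "N/A" is a placeholder; the application never sees the user's password.
        return new User(username, "N/A", authorities);
    }
}
```

Register an instance with the provider through setPreAuthenticatedUserDetailsService; the resulting PreAuthenticatedAuthenticationToken then carries these authorities for the tag library and method security checks.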
