Archive
Spring Security: Custom Authenticators
In the Spring tradition, Spring Security 3 is incredibly extensible. In this tutorial I will show you how to create your own authenticators. In particular, I will build on my article “Adding Crowd Authentication to your Application” by adding Crowd support to my web application.
Adding Crowd Authentication to your Application
Crowd is Atlassian’s centralized identity management system. At its core, it is a simplified version of LDAP dedicated to user management. But, it offers much more functionality, including single sign-on, open ID support, a very simple REST API, and off-the-shelf integration with a number of products. But, this article is not a sales pitch for their product.
Instead, in this article I will show you how to use Crowd for authentication in your Java application. This will set us up for my next article on integrating Crowd with Spring Security 3.0.
Spring: Request Scope and Injecting Current User
You just wired Spring Security into your Spring-based web application and you are enjoying the benefits of annotated method security. However, you run into a problem where you need access to the current user. You reach for Spring Security’s solution of SecurityContextHolder.getContext().getAuthentication() when you realize that will make it very difficult to unit test.
In this article I’ll show you how to inject the current authentication and/or user in a spring-like fashion.
Read more…
Spring MVC: Integration Testing Controllers
One of the greatest benefits of Spring MVC is that it removes your dependency on a servlet container. In theory, you should be able to test your controllers, and your entire web stack, from a testing harness like JUnit. In reality, you become just as dependent on the wonderful services offered by DispatcherServlet and a complete WebApplicationContext (request parameter binding, validation, model attributes, request mappings, and aspects such as Spring Security). In this article, I will show you how to create a mock servlet context and WebApplicationContext from within JUnit.
