In the Spring tradition, Spring Security 3 is incredibly extensible. In this tutorial I will show you how to create your own authenticators. In particular, I will build on my article “Adding Crowd Authentication to your Application” by adding Crowd support to my web application.
Crowd is Atlassian’s centralized identity management system. At its core, it is a simplified version of LDAP dedicated to user management, but it offers much more functionality, including single sign-on, OpenID support, a very simple REST API, and off-the-shelf integration with a number of products. This article, however, is not a sales pitch for their product.
Instead, in this article I will show you how to use Crowd for authentication in your Java application. This will set us up for my next article on integrating Crowd with Spring Security 3.0.
You just wired Spring Security into your Spring-based web application and you are enjoying the benefits of annotated method security. However, you run into a problem where you need access to the current user. You reach for Spring Security’s solution of SecurityContextHolder.getContext().getAuthentication(), then realize that it will make your code very difficult to unit test.
In this article I’ll show you how to inject the current authentication and/or user in a Spring-like fashion.
One of the greatest benefits of Spring MVC is that it removes your dependency on a servlet container. In theory, you should be able to test your controllers, and your entire web stack, from a testing harness like JUnit. In reality, you become just as dependent on the wonderful services offered by DispatcherServlet and a complete WebApplicationContext (request parameter binding, validation, model attributes, request mappings, and aspects such as Spring Security). In this article, I will show you how to create a mock servlet context and WebApplicationContext from within JUnit.