Spring security authentication with 3 fields instead of just username and password

StackOverflow https://stackoverflow.com/questions/23336770

Question

I would like to authenticate using username + password + domain(just a string).

Instead of having a unique username, it will be a unique combination of username + domain.

What is the best way to do this?

I'm using grails 2.3.7

Was it helpful?

Solution

Try something like this (code isn't tested):

@Component
public class BasicAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserService registerService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        String email = authentication.getName();
        String password = (String) authentication.getCredentials();
        String domain = (String) authentication.getDetails();

        User user = registerService.getUserByEmail(email);

        if (user == null) {
            throw new BadCredentialsException("Username not found.");
        }
        if (!password.equals(user.getPassword()) && !domain.equals(user.getDomain())) {
            throw new BadCredentialsException("Wrong password.");
        }

        Collection<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        GrantedAuthority grantedAuthority = new GrantedAuthority() {
            @Override
            public String getAuthority() {
                return user.getAuthority();
            }
        };
        authorities.add(grantedAuthority);

        return new UsernamePasswordAuthenticationToken(email, password, authorities);
    }

    @Override
    public boolean supports(Class<?> arg0) {
        return true;
    }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top