
Username Password Authentication in Spring Security

I'm trying to make a simple username/password authentication in a Spring Security web app. I have a web service that authenticates by passing in a user name/password, and gets back a role. Then I need to retain the password for future web service calls.

My app was initially created with AppFuse, so it had some JDBC-based authentication. I've ripped that out, but I'm not sure how to add my custom authentication in.

The documentation says that it's "simple" to add in such a mechanism. But the example app is a command line hello-world style program, not a web app. I can't seem to find an example of username/password authentication in a web app.

I've got the following in my XML file:

<beans:bean id="myProvider" class="com.example.MyProvider"></beans:bean>

<authentication-manager>
    <authentication-provider ref="myProvider"></authentication-provider>
</authentication-manager>

I don't know if this is the right place to put my authentication in, and I'm not sure what interface to implement. I think I might need to implement AuthenticationManager. And I might use UsernamePasswordAuthenticationToken.

How do I wire this all together?

asked Feb 21 '23 21:02

Ron Romero


1 Answer

I've got it working now. Thank you everyone for the help. I had to add a new Authentication Provider, and wire it into the Authentication Manager. Here's what I ended up adding:

<beans:bean id="authenticationManager"
     class="org.springframework.security.authentication.ProviderManager">

  <beans:property name="providers">
    <beans:list>
      <beans:ref local="myAuthenticationProvider"/>
    </beans:list>
  </beans:property>
</beans:bean>

<beans:bean id="myAuthenticationProvider" class="com.example.MyAuthenticationProvider">
</beans:bean>

<authentication-manager>
    <authentication-provider ref="myAuthenticationProvider"/>
</authentication-manager>

and MyAuthenticationProvider (taken from the example) is:

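package com.example;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;

// Class name matches the com.example.MyAuthenticationProvider bean in the XML above.
public class MyAuthenticationProvider implements AuthenticationProvider {

    // Every caller is granted the same fixed role.
    static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();

    static {
      AUTHORITIES.add(new GrantedAuthorityImpl("ROLE_USER"));
    }

    @Override
    public Authentication authenticate(Authentication auth)
            throws AuthenticationException {
        // No credential check: returns an authenticated token for any username/password.
        return new UsernamePasswordAuthenticationToken(auth.getName(), auth.getCredentials(), AUTHORITIES);
    }

    @Override
    public boolean supports(Class<? extends Object> paramClass) {
        // Claims support for every Authentication type.
        return true;
    }
}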

I'll add actual verification of username/password later; this one just lets anyone in.

answered Feb 26 '23 22:02

Ron Romero