REST service authentication with digest credential Spring Configuration


We can authenticate REST web services in Spring. According to O'Reilly's RESTful Web Services, there are three types of authentication for REST:
1. Basic Authentication.
2. Digest Authentication.
3. WSSE username Authentication.

To use Digest authentication with Spring, we need to configure the Spring Security servlet as follows.
  
        
        
    

    
        
        
        
    
 
 
        
        
    

 
        
        
    
 
    
 
 

Now we need to write our custom UserDetailsService, which will authenticate users against our storage system.
 
package com.ex.sp.service;

import com.ex.sp.dao.UserDao;
import com.ex.sp.enumeration.UserType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

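/**
 * {@link UserDetailsService} that resolves a login (the user's e-mail address) to a Spring
 * Security {@link UserDetails} by reading the account through {@link UserDao}.
 */
@Service
public class CustomUserDetailsService implements UserDetailsService {

    private static final Logger logger = LoggerFactory.getLogger(CustomUserDetailsService.class);

    @Autowired
    private UserDao userDao;

    /**
     * Loads the account stored for the given e-mail address.
     *
     * @param email the login name presented by the client
     * @return the populated {@link UserDetails}; never {@code null}
     * @throws UsernameNotFoundException if the lookup fails or no account is stored for the login
     */
    @Override
    public UserDetails loadUserByUsername(String email) {
        final com.ex.sp.domain.User domainUser;
        try {
            domainUser = userDao.getUserByEmail(email);
        } catch (Exception e) {
            // Broad catch kept at this boundary only: the DAO's failure modes are not visible here.
            // Fail closed, but keep the cause so a datastore outage is not mistaken for a bad login.
            logger.warn("User lookup failed", e);
            throw new UsernameNotFoundException("User lookup failed", e);
        }
        if (domainUser == null) {
            // The UserDetailsService contract forbids returning null; callers expect this exception.
            throw new UsernameNotFoundException("No account matches the supplied login");
        }

        // NOTE(review): the account-state flags are hard-coded, so a disabled, expired or locked
        // account in the store cannot be rejected here; map them from the domain user if it has them.
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        int roleId = 0;
        if (domainUser.getAuthorities() == null || domainUser.getAuthorities().isEmpty()) {
            // NOTE(review): an account without any stored role still receives the authorities
            // built below from roleId 0; confirm that is intended rather than granting none.
            logger.info("There is no role under this email");
        } else {
            roleId = domainUser.getAuthorities().get(0).getId();
        }

        // NOTE(review): Digest authentication recomputes the response from the stored secret, so
        // getPassword() presumably has to return the clear-text password or the pre-computed HA1
        // digest rather than a one-way (bcrypt-style) hash; confirm how UserDao stores it and
        // protect that store accordingly.
        return new User(
                domainUser.getEmail(),
                domainUser.getPassword(),
                enabled,
                accountNonExpired,
                credentialsNonExpired,
                accountNonLocked,
                getAuthorities(roleId)
        );
    }

    /**
     * Builds the granted authorities for a role id.
     *
     * @param role the id of the user's first stored role, or 0 when none is stored
     * @return the authorities derived from {@link #getRoles(Integer)}
     */
    public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
        return getGrantedAuthorities(getRoles(role));
    }

    /**
     * Returns the role names to grant.
     *
     * @param role the role id; currently not consulted
     * @return the names of {@code ROLE_ADMIN} and {@code ROLE_MGR}
     */
    public List<String> getRoles(Integer role) {
        // NOTE(review): the role argument is ignored, so every account that authenticates is
        // granted both ROLE_ADMIN and ROLE_MGR. Map the id to the matching UserType before relying
        // on these roles for authorization; the id-to-role mapping is not visible in this file.
        List<String> roles = new ArrayList<String>();
        roles.add(String.valueOf(UserType.ROLE_ADMIN));
        roles.add(String.valueOf(UserType.ROLE_MGR));
        return roles;
    }

    /**
     * Wraps each role name in a {@link SimpleGrantedAuthority}.
     *
     * @param roles the role names to convert
     * @return one authority per role name, in the same order
     */
    public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roles.size());
        for (String role : roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        return authorities;
    }
}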
