Security Login Modifications
1 view
Skip to first unread message
Pat
Apr 21, 2011, 2:46:24 PM4/21/11
to OpenSocial Enterprise Container
Hello,
We are trying to modify the security login settings in the container.
Instead of the out of the box login form, we are hoping to do the
following:
We have a badge reader that is accessible via a web service to get the
id of the badge that was last scanned. After a user scans their badge,
we want them to be able to enter a PIN on the login screen. We have a
back-end model outside of OpenSocial that contains this data (user's
PIN and badge ID's). What would be the suggested approach for
integrating this into the login process? Would we have to decompile
and modify any spring security classes? If so, where would this take
place?
Thanks
-Pat
We are trying to modify the security login settings in the container.
Instead of the out of the box login form, we are hoping to do the
following:
We have a badge reader that is accessible via a web service to get the
id of the badge that was last scanned. After a user scans their badge,
we want them to be able to enter a PIN on the login screen. We have a
back-end model outside of OpenSocial that contains this data (user's
PIN and badge ID's). What would be the suggested approach for
integrating this into the login process? Would we have to decompile
and modify any spring security classes? If so, where would this take
place?
Thanks
-Pat
mfra...@mitre.org
Apr 22, 2011, 8:29:39 AM4/22/11
to OpenSocial Enterprise Container
There are a couple of places you can look at overriding default
implementations in order to support your custom authentication
scheme. In OSEC, you can provide a custom UserService implementation
by marking it primary and adding it to the /WEB-INF/applicationContext-
security.xml (http://stackoverflow.com/questions/1998447/cant-i-use-
annotation-to-indicate-a-bean-is-a-primary-bean).
You can also provide custom implementations of Spring Security beans
by modifying the same xml file noted above. (http://
static.springsource.org/spring-security/site/docs/3.1.x/reference/
springsecurity-single.html).
For both approaches, you can need to make sure the classes are in the
classpath at runtime. This can be done by adding a jar to /WEB-INF/
lib or the class files to the correct package directory in /WEB-INF/
classes.
-Matt
implementations in order to support your custom authentication
scheme. In OSEC, you can provide a custom UserService implementation
by marking it primary and adding it to the /WEB-INF/applicationContext-
security.xml (http://stackoverflow.com/questions/1998447/cant-i-use-
annotation-to-indicate-a-bean-is-a-primary-bean).
You can also provide custom implementations of Spring Security beans
by modifying the same xml file noted above. (http://
static.springsource.org/spring-security/site/docs/3.1.x/reference/
springsecurity-single.html).
For both approaches, you can need to make sure the classes are in the
classpath at runtime. This can be done by adding a jar to /WEB-INF/
lib or the class files to the correct package directory in /WEB-INF/
classes.
-Matt
Reply all
Reply to author
Forward
0 new messages