jsonspringspring-mvcspring-security

Spring Security and JSON Authentication


I've an application in spring/spring-mvc that totally uses JSON communications. Now I need to authenticate my application with spring security 3 (that uses LdapAuthenticationProvider) via JSON.

The default spring seurity submit form requires a POST like this:

POST /myapp/j_spring_security_check HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 32
Host: 127.0.0.1:8080
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

j_username=myUsername&j_password=myPass

But I want to pass a JSON object like this:

{"j_username":"myUsername","j_password":"myPass"}

I read many post like this, this other or this one without luck, in all ajax cases is done a POST like above.

Any Ideas?


Solution

  • You can write your own security filter that will parse your JSON.

    http://docs.spring.io/spring-security/site/docs/3.0.x/reference/core-web-filters.html

    You can use the BasicAuthenticationFilter as a reference:

    http://docs.spring.io/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.html