Michael Jacobs
Guest
What you are doing with the 2 factor security is going in the right direction. I *think* it can be done, and it would be an interesting advanced Spring Security configuration that would probably start with the oeablSecurity-form-oerealm.xml configuration template. As I started writing it, I realized that the details would be large and maybe not appropriate for a forum, plus some of the real low level details you would have to supply based on your application. If you are interested, we can connect offline, talk, and see if a means could be found to achieve your goals?

Just a couple of technical points that were asked:

- The OERealm functionality implements the Spring Security AuthenticationProvider interface, which acts as a raw source of user account data to Spring Security's client-authentication process call-out. The OERealm server class (i.e. what is derived from HybridRealm) can only fail the client authentication or return raw account data. Your OERealm class will not know 100% if Spring Security fails the client authentication or not - therefore not knowing whether to push the SMS message or not.
- The PRE_AUTH_FILTER is a dependency-injection point in the Spring Security process where you can inject a customized [Java] Spring bean. Spring Security provides this injection point for handling SSO security token validation for tokens that were created by some external security service.

Let me know if you want to dive into the details.

Mike J.
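The post's point that the realm class cannot see the final authentication outcome is illustrated here by a listener that issues the SMS code only once Spring Security reports success. This is an added example, not code from the post or from Progress; `SmsSender` and `SecondFactorSmsListener` are hypothetical names, and it assumes the authentication manager has an `AuthenticationEventPublisher` configured so that `AuthenticationSuccessEvent` is actually published.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;

/** Hypothetical SMS gateway abstraction; supply an implementation for your provider. */
interface SmsSender {
    void sendCode(String username, String code);
}

/**
 * Registered as a Spring bean. It is invoked only after the provider chain has
 * accepted the first factor, which is the information the realm class lacks.
 */
public class SecondFactorSmsListener implements ApplicationListener<AuthenticationSuccessEvent> {

    private static final SecureRandom RNG = new SecureRandom();

    private final SmsSender sms;
    // Pending codes keyed by user name. Assumption: single node, no expiry shown;
    // a real deployment needs a time limit and an attempt counter.
    private final Map<String, String> pending = new ConcurrentHashMap<>();

    public SecondFactorSmsListener(SmsSender sms) {
        this.sms = sms;
    }

    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent event) {
        String user = event.getAuthentication().getName();
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        pending.put(user, code);
        sms.sendCode(user, code);
    }

    /** Single-use check of the submitted code, compared in constant time. */
    public boolean verify(String username, String submitted) {
        String expected = pending.remove(username);
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }
}
```

The listener only shows where the outcome becomes observable; the application still has to withhold full access until `verify` succeeds.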