I am working on a project to convert an existing Java application to use Spring Web MVC. As part of this, I will migrate the existing I / O mechanism to use Spring Security. The idea at this point is to replicate existing functionality and replace only the web tier, leaving the service classes and objects in place. The required functionality is simple. Access is controlled through URLs and access to specific pages that the user must enter. Authentication is performed with a simple username and password along with additional static information that comes from the login page. There is no concept of a role: after a user logs in, they have access to all pages. Behind the scenes, the service layer has a class with a simple authentication method:
doAuthenticate(String username, String password, String info) throws ServiceException
An exception occurs when login fails.
I would like to leave this existing service object, which makes the authentication intact, but "connect it" to the Spring security mechanism. Can someone suggest a better approach to this, please? Naturally, I would like to take the path of least resistance and leave work where possible until Spring ...
Thanks in advance.
source share