I'm using spring-lemon for my web application project. Spring-lemon uses standard form login by default, which works fine. Now, however, I need to use authentication with json request, something like this:
{"username":"spring.user", "password":"s3cret"}
How should I achieve this safely? I've searched for it, and I've seen different solutions, but I couldn't use them with success.
Spring Lemon doesn't come with this feature. However, I think you can code an end-point where you can manually fetch the user, match the password, decorate it and then set the authentication as below:
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken(user,
user.getPassword(), user.getAuthorities()));
The LemonTokenAuthenticationFilter does similar thing - you can have a look at it.
