wemu
Mar 31st, 2010, 01:08 PM
hello
I've got some trouble to understand howto alter the userdetails available when the user has not yet logged in.
My goal is that the call to:
SecurityContextHolder.getContext().getAuthenticati on().getDetails();
returns the same interface if the user is logged in or if the user is still anonymous. currently we use a custom authentication provider (which works nice and well)
But until the user logged in there are anonymous tokens when I read the userDetails from the SecurityContextHolder.
How can I configure spring-security to have a common interface here? Since some things like switching languages is available for anonymous users too. When there is a 'real' (logged in) user the language is read from that user.
I've tried to change the source where the anonymous filter creates its details:
<authentication-manager>
<authentication-provider ref="myAuthenticationProvider" />
</authentication-manager>
<beans:bean id="myWebAuthSource" class="org.springframework.security.web.authentication.We bAuthenticationDetailsSource">
<beans:property name="clazz" value="com.web.acl.MyWebAuthenticationDetails" />
</beans:bean>
<beans:bean id="anonymousAuthFilter" class="org.springframework.security.web.authentication.An onymousAuthenticationFilter">
<beans:property name="key" value="foobar" />
<beans:property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
<beans:property name="authenticationDetailsSource" ref="myWebAuthSource" />
</beans:bean>
com.web.acl.MyWebAuthenticationDetails extends WebAuthenticationDetails
But this clazz configured is only created during startup and then somewhere replaced in the anonymous filter by a WebAuthenticationDetails again... I could not figure out why or when this happens.
Could someone give me some hints on how the alter the anonymous user details to have a common interface withe the user datails when the user is logged in?
Thanks!
regards
werner
I've got some trouble to understand howto alter the userdetails available when the user has not yet logged in.
My goal is that the call to:
SecurityContextHolder.getContext().getAuthenticati on().getDetails();
returns the same interface if the user is logged in or if the user is still anonymous. currently we use a custom authentication provider (which works nice and well)
But until the user logged in there are anonymous tokens when I read the userDetails from the SecurityContextHolder.
How can I configure spring-security to have a common interface here? Since some things like switching languages is available for anonymous users too. When there is a 'real' (logged in) user the language is read from that user.
I've tried to change the source where the anonymous filter creates its details:
<authentication-manager>
<authentication-provider ref="myAuthenticationProvider" />
</authentication-manager>
<beans:bean id="myWebAuthSource" class="org.springframework.security.web.authentication.We bAuthenticationDetailsSource">
<beans:property name="clazz" value="com.web.acl.MyWebAuthenticationDetails" />
</beans:bean>
<beans:bean id="anonymousAuthFilter" class="org.springframework.security.web.authentication.An onymousAuthenticationFilter">
<beans:property name="key" value="foobar" />
<beans:property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
<beans:property name="authenticationDetailsSource" ref="myWebAuthSource" />
</beans:bean>
com.web.acl.MyWebAuthenticationDetails extends WebAuthenticationDetails
But this clazz configured is only created during startup and then somewhere replaced in the anonymous filter by a WebAuthenticationDetails again... I could not figure out why or when this happens.
Could someone give me some hints on how the alter the anonymous user details to have a common interface withe the user datails when the user is logged in?
Thanks!
regards
werner