I implemented my own AuthenticationProcessingFilter in which I set the authentication token to an instance of DomainSecurityAuthenticationToken, which is a class derived from UsernamePasswordAuthenticationToken.

DomainSecurityAuthenticationToken has an extra property "domain".

Using the custom filter with the new token class works fine.

Now I want to use the same token class (and the extra property "domain") during authorisation.

In my own Voter (I'm using spring security 2.x) I added the following lines in the vote() method:

DomainSecurityAuthenticationToken token = (DomainSecurityAuthenticationToken) authentication;

At run-time I get the following error on this line:

java.lang.ClassCastException: org.springframework.security.providers.UsernamePas swordAuthenticationToken cannot be cast to be.vlaamsbrabant.domainsecuritytest.security.Domai nSecurityAuthenticationToken
be.vlaamsbrabant.domainsecuritytest.security.UrlVo ter.vote(UrlVoter.java:18)


How can I use the same token for authorisation that I used for authentication?
Do I again have to replace a filter? Which one?