I have a question how I would best combine X509AuthenticationFilter with some on-success logic which should initialize the user's session. I have form-based authentication already running with an implementation of AuthenticationSuccessHandler plugged into UsernamePasswordAuthenticationFilter.

Now I want to configure my application for X.509 authentication and found that X509AuthenticationFilter does not accept an AuthenticationSuccessHandler.

What is the best way to achieve my custom session initialization?
  • Should I extend X509AuthenticationFilter to use an AuthenticationSuccessHandler as well?
  • Or would I rather do something completely different for the same purpose? What fits best into the overall architecture?


Thanks for any insights.