Aug 19th, 2011, 04:40 PM
PreAuthenticationProcessingFilter unique issue
I have implemented the remember me (persistence token based) service and that i working fine along with UsernamePasswordAuthenticationFilter. However, after a user logs in, if the user is an administrator, he/she should be able to log in as someone else just by providing JUST the username. The application should behave as if the original user has signed in. I think PreAuthenticationFilter would suffice my needs, just a theory. Any help is appreciated.
Jan 20th, 2012, 04:34 PM
Posting the solution just in case if anyone is facing the same issue:
Create new PreAuthenticatedAuthenticationToken token
here's the code:
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
GrantedAuthority g1 = new GrantedAuthorityImpl("SOMEROLE_SOMEUSER");
PreAuthenticatedAuthenticationToken authentication =
new PreAuthenticatedAuthenticationToken("userid", "",authorities);
request.getSession().setAttribute("SPRING_SECURITY _LAST_USERNAME", "userid");
rememberMeServices.loginSuccess(request, response, authentication);
customAuthenticationSuccessHandler.onAuthenticatio nSuccess(request, response, authentication);
- that's it....
Tags for this Thread