I'm not sure that the framework is meant to be used this way, but recently I've had to do manual authentication (implementing spring-social...). One of the last steps of the integration is to do the sign-in. I've explicitly created the session management beans because I want to manually register the login after it happens.

For example:

Code:
public class MySignInAdapterImpl implements SignInAdapter {
	@Autowired
	private ConcurrentSessionControlStrategy sessionStrategy;

	public String signIn(String userId, Connection<?> connection,
			NativeWebRequest request) {
		// ...lots of code...
		Authentication authentication = signInUser(user);
		HttpServletRequest req = (HttpServletRequest) request
				.getNativeRequest();
		HttpServletResponse res = (HttpServletResponse) request
				.getNativeResponse();
		// set remember-me cookie
		tokenBasedRememberMeServices.onLoginSuccess(req, res, authentication);
		// create a session
		sessionStrategy.onAuthentication(authentication, req, res);
		// ...more code...
	}
}
The good news is that the JSESSIONID is passed back properly, and subsequent calls to an @Secured endpoint (actually, a CXF REST endpoint) work just fine.

Are there any side effects of what I did above? Am I abusing the strategy object?