Results 1 to 5 of 5

Thread: Put additional attributes(properties) in the session on success Auth

Hybrid View

  1. Feb 21st, 2012, 04:13 AM #1
    vacuum
    vacuum is offline Junior Member
    Join Date
    Feb 2012
    Posts
    3

    Cool Put additional attributes(properties) in the session on success Auth

    Just simple question: what is the best way to add attributes(properties) to the HttpSession on success authentication? The userID for example.

    For now i'm using my own SimpleUrlAuthenticationSuccessHandler implementation in UsernamePasswordAuthenticationFilter and doing it like this:

    Code:
    public void onAuthenticationSuccess(HttpServletRequest request,
    			HttpServletResponse response, Authentication auth)
    			throws IOException, ServletException {
    		PersonBean person = (PersonBean) auth.getPrincipal();
    		request.getSession().setAttribute("currentUserId", person .getId().toString());
            super.onAuthenticationSuccess(request, response, auth);
    But I dont think this is good approach as there is another ways to do authentication(RememberMe for example).

    So what do I need to use here?
    Reply With Quote Reply With Quote
  2. Feb 21st, 2012, 04:26 AM #2
    Marten Deinum
    Marten Deinum is online now Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,695

    Default

    Why are you setting it anyway?You can retrieve it from the principal. However I would simply do it in a custom SuccesHandler justlike you did (that is at least the easiest extension point imho).
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
    Reply With Quote Reply With Quote
  3. Feb 21st, 2012, 04:36 AM #3
    vacuum
    vacuum is offline Junior Member
    Join Date
    Feb 2012
    Posts
    3

    Default

    What if need to put information that not related to User object?

    Custom SuccesHandler is good for me, but as I wrote, there is another ways to do authentication. For example, RememberMeAuthenticationFilter dont use SuccesHandler.
    Here is my UsernamePasswordAuthenticationFilter definition:

    Code:
    <bean id="authenticationFilter" class=
    "org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
	    <property name="authenticationManager" ref="authenticationManager"/>
	    <property name="filterProcessesUrl" value="/j_spring_security_check"/>
	    <property name="authenticationFailureHandler" ref="failureHandler"/>
	    <property name="authenticationSuccessHandler" ref="successHandler"/>
	    <property name="rememberMeServices" ref="rememberMeServices"></property>
	</bean>
    Reply With Quote Reply With Quote
  4. Feb 21st, 2012, 04:42 AM #4
    Marten Deinum
    Marten Deinum is online now Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,695

    Default

    Another way would be to implement an ApplicationListener which listens for succes events, draw back is that you would need to find someway to get access to the users session (if that is available at all). You could also modify/extend the RememberMeAuthenticationFilter to call the succes/failure handlers.
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
    Reply With Quote Reply With Quote
  5. Feb 21st, 2012, 04:43 AM #5
    vacuum
    vacuum is offline Junior Member
    Join Date
    Feb 2012
    Posts
    3

    Default

    Hmm, second approach sounds good, need to try.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules