Custom AuthenticationProvider/AuthenticationManager

[mcsssc]

Hi,

I have read the official documentation, posts in this forum as well as posts on blogs, but Iam still not sure what I need to implement when having the following scenario:

- Authentication process requires three values. (Username, Password, 3rd String)
- I will authenticate again external systems.

Here are my questions:

- As far as I understood I need to implement an own AuthenticationProvider (already tested this.) But maybe it's better to implement an own AuthenticationManager, since I only need the above mentioned authencation mechanism?!
- I wonder how to provide the "3rd String" to the Authenticationprovider (i.e. j_username, j_password, How can I pass the "3rd String" from a JSP?)
- I want to add custom details (retrieved from the external systems) after the authentication was succesfull. (i.e. email, which will be used in the app)


Hopefully someone can point me to the right directon. Thanks in advance.

[mcsssc]

I think Iam on the right way. I extended the classes:

- UsernamePasswordAuthenticationToknen
- UsernamePasswordAuthenticationFilter

to support my "3rd String". I think the next steps are to provide an own AuthenticationManager with an custom FORM_LOGIN_FILTER.

Can someone confirm this?

[mcsssc]

Okay, got it, there are at minimum two ways to accomplish this.

1) Extend UsernamePasswordAuthenticationFilter, Extend AbstractUserDetailsAuthenticationProvider, Extend User (UserDetails)
2) Create an own AuthenticationProvider/AuthenticationManager

I now use way one, because it is closer to the default behaviour and I leverage existing functionalities (UserDetailsService, Delimiter-Tweak)


Best regards