Aug 21st, 2012, 07:44 AM
Converting remember me user to fully authenticated by re-entering password
I've just started using Spring Security (3.1.1) in a web app with form-based login, and so far so good.
I now need to convert a remember me user to a fully authenticated user (by asking them to re-enter their password). They should then be re-directed to the page requiring full authentication.
It seems like something that would not be uncommon but I couldn't see anything in the forums on this.
The default behaviour of the ExceptionTranslationFilter is to throw an AccessDeniedException if a remember me user tries to access a resource requiring full authentication.
I can easily implement an AccessDeniedHandler and forward them to the existing login page, but I'd like to use a separate login page where they just need to enter a password. In addition, the ExceptionTranslationFilter doesn't save the request in the request cache as it does for AuthenticationException or AccessDeniedException (anonymous user), so they can't be automatically re-directed following the login.
Is there a standard way to do this or any ideas for the best way?
Thanks for any help!
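
One way to build the handler described in the post, as an added example that is not part of the original post or of Spring Security itself: an AccessDeniedHandler that saves the denied request in the request cache and sends remember-me users to a password-only page. The class name and the `/reauth` URL are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

// Hypothetical class name; register it as the access-denied handler of the <http> element.
public class RememberMeReauthAccessDeniedHandler implements AccessDeniedHandler {

    // Assumed URL of the password-only page; it must be reachable by remember-me users.
    private static final String REAUTH_URL = "/reauth";

    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    // Same session-backed cache type the framework uses by default for saved requests.
    private final RequestCache requestCache = new HttpSessionRequestCache();
    // Everyone who is not a remember-me user gets the stock 403 handling.
    private final AccessDeniedHandler fallback = new AccessDeniedHandlerImpl();

    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException denied) throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (auth != null && trustResolver.isRememberMe(auth)) {
            // Save the denied request so the login success handler can replay it.
            requestCache.saveRequest(request, response);
            // Redirect to a fixed, application-relative URL, never to a request parameter.
            response.sendRedirect(
                    response.encodeRedirectURL(request.getContextPath() + REAUTH_URL));
            return;
        }
        // Fully authenticated but unauthorised: a real access-denied case.
        fallback.handle(request, response, denied);
    }
}
```

The password form still has to authenticate through the normal form-login filter, so that the remember-me token is replaced by a full authentication; the default `SavedRequestAwareAuthenticationSuccessHandler` then redirects to the request saved here.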