This is my scenario:
- a web app performs a sort of SSO for many applications
- a logged-in user then clicks on a link and the app makes a POST with the user information (name, pwd [useless], roles) to the proper application
- I am implementing Spring Security on one of these applications to benefit from its power (authorities in session, methods provided by its classes, remember-me functionality via cookie, etc.)
So, I need to develop a custom filter - I guess - that is able to retrieve the user information from the request, retrieve further information about the user (email, etc.) from the database through a custom DetailsUserService, and then perform authentication of that user according to the role retrieved from the request.
I was looking at Pre-Authentication filters, but I'm not sure that they are the right choice. It seems that those objects are expected to be used when the principal is already in session, put there by some previous authentication mechanism (is that right?).
I think that, once I have identified the correct filter, I would need to perform something like this within it:

    // The role retrieved for this user becomes its granted authority
    GrantedAuthority ga = new GrantedAuthorityImpl(myUser.getRole());
    SecurityContext sc = SecurityContextHolder.getContext();
    // The token constructor takes the authorities as a collection (Spring Security 3.x)
    Authentication a = new UsernamePasswordAuthenticationToken(userName, userPwd, java.util.Collections.singletonList(ga));
    a = authenticationManager.authenticate(a);

Is this the right direction to solve my problem? Do you have suggestions to help me find what's missing?
Thank you all,
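
An added example, not part of the original post, of how the scenario described above maps onto Spring Security's pre-authentication classes. It assumes Spring Security 3.1 or later with the `javax.servlet` API, hypothetical request parameters `name` and `roles`, hypothetical class names `SsoPostFilter` and `SsoUserDetailsService`, and that only the SSO application can deliver this POST, since roles read from a request are otherwise caller-controlled.

```java
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

// Hypothetical filter: reads the identity posted by the SSO application.
// The parameter names "name" and "roles" are assumed, not taken from the post.
class SsoPostFilter extends AbstractPreAuthenticatedProcessingFilter {
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // null means "no SSO data in this request"; the chain continues unauthenticated
        String name = request.getParameter("name");
        return (name == null || name.trim().isEmpty()) ? null : name.trim();
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        // The posted password is not needed; carry the comma-separated roles instead
        String roles = request.getParameter("roles");
        return roles == null ? "" : roles;
    }
}

// Hypothetical adapter: combines the database lookup with the posted roles.
class SsoUserDetailsService
        implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
    private final UserDetailsService delegate; // the application's own DB-backed service

    SsoUserDetailsService(UserDetailsService delegate) { this.delegate = delegate; }

    @Override
    public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
        // Throws UsernameNotFoundException when the account is unknown to this application
        UserDetails stored = delegate.loadUserByUsername(token.getName());
        // Authorities come from the request, as in the scenario, not from the database
        List<GrantedAuthority> roles = AuthorityUtils
                .commaSeparatedStringToAuthorityList((String) token.getCredentials());
        // An application with extra fields (email, ...) would return its own UserDetails type
        return new User(stored.getUsername(), "N/A", stored.isEnabled(),
                true, true, true, roles);
    }
}
```

To wire it up, register a `PreAuthenticatedAuthenticationProvider` whose `setPreAuthenticatedUserDetailsService` receives the adapter, and give the filter the `AuthenticationManager` that contains that provider.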