May 22nd, 2010, 07:02 AM
Setting Values in session
I am new to Spring Security and have implemented it using UserDetails from database. Now, as per our requirement we have 2 processes involved of login.
1. Authentication and authorization which we have done using Spring Security
2. We have 2 set of users. Administrators and normal user. Normal User can belong to any company and his UI will be as per company name. User-Company mapping is in the database.
Since we have fixed set of JSP for Administrator we do not have any issue.
For this we required that some session values (basically company name) we can store based on username and password. Please let me know which is the best place for it. Can we get request and session in class that implements UserDetailsService??
I tried searching on google but was unable to find.
Please help else my senior will force me to remove Spring Security .
May 22nd, 2010, 04:14 PM
IMHO ..request and session objects shouldn't be propagated to the service layer..use it only in the controller. Your requirement of getting details which are post login have nothing to do with spring security. On a successful login get the company names for the user and populate a session bean with it. On a logout wipe that bean out.
May 24th, 2010, 12:54 AM
Thanks for response. I got the solution by writing class
extends AuthenticationProcessingFilter with mapping in xml file.
Now I am able to set session values. In this case using UserDetailService authentication is done and this class is executed only when there is successful authentication. I feel this is the right spot to do session settings.
Please comment if my assumptions are correct.
May 24th, 2010, 07:21 AM
I strongly suggest checking out AuthenticationSuccessHandler and LogoutSuccessHandler. These interfaces were created exactly for the requirement you just stated.