I started a discussion on this topic in January already but didn't need it then. But now I'm hitting this topic again. I don't know which one is best to choose.

A little more information. I'm using Janrain.com for authentication.
Basically the flow looks like this:

- If the user hits an authenticated page, redirect to the login page
- On the login page there is a sign in link. This sign in link opens up the Janrain page (not on my domain, just a 3rd party page/service)
- The user authenticates via the 3rd party service
- The 3rd party service redirects back to my application (e.g. /token) including a token request param
- With this token param I can do an HTTP request to the service to retrieve the authenticated user data. The user data contains an identifier, access credentials, birthday, gender, address, email, friends list etc.


With the AbstractPreAuthenticatedProcessingFilter I *think* I cannot store all user data fields, but only principal (identifier in my case) and access credentials.

Therefore I think I need to use the AbstractAuthenticationProcessingFilter, as that way I could implement a custom Authentication implementation that would include the additional user data.

Am I right?
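
The design described in the post (an AbstractAuthenticationProcessingFilter on /token plus a custom Authentication that carries the extra user data) could look like the sketch below. It is an added example, not code from the original post or from Janrain. `ProfileClient`, the class names, the `"identifier"` profile key and `ROLE_USER` are assumptions, and it targets Spring Security 5.x on the javax.servlet API.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.http.*;  // assumption: Spring Security 5.x on the javax.servlet API
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/** Hypothetical wrapper for the server-side HTTP call that exchanges the token for user data. */
interface ProfileClient { Map<String, Object> fetchProfile(String token) throws IOException; }
/** Holds the one-time token before login, the identifier and full profile after it. */
class JanrainAuthentication extends AbstractAuthenticationToken {
    private final String identifier, token;
    private final Map<String, Object> profile;   // email, birthday, address, ...
    JanrainAuthentication(String token) {        // unauthenticated: token only
        super(null);
        this.token = token; this.identifier = null; this.profile = Collections.emptyMap();
    }
    JanrainAuthentication(String identifier, Map<String, Object> profile) {
        super(AuthorityUtils.createAuthorityList("ROLE_USER"));   // assumed role
        this.identifier = identifier; this.token = null;          // token is not retained after login
        this.profile = Collections.unmodifiableMap(new HashMap<>(profile));
        super.setAuthenticated(true);
    }
    @Override public Object getPrincipal() { return identifier; }
    @Override public Object getCredentials() { return token; }
    public Map<String, Object> getProfile() { return profile; }
}
/** Handles the redirect back from the third-party service on /token. */
class JanrainTokenFilter extends AbstractAuthenticationProcessingFilter {
    JanrainTokenFilter(AuthenticationManager manager) { super("/token"); setAuthenticationManager(manager); }
    @Override public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) {
        String token = req.getParameter("token");
        if (token == null || token.isEmpty()) throw new BadCredentialsException("Missing token");
        return getAuthenticationManager().authenticate(new JanrainAuthentication(token));
    }
}
/** Exchanges the token server-side and builds the authenticated object. */
class JanrainAuthenticationProvider implements AuthenticationProvider {
    private final ProfileClient client;
    JanrainAuthenticationProvider(ProfileClient client) { this.client = client; }
    @Override public Authentication authenticate(Authentication auth) {
        try {
            Map<String, Object> p = client.fetchProfile((String) auth.getCredentials());
            if (p == null || p.get("identifier") == null) throw new BadCredentialsException("Token rejected");
            return new JanrainAuthentication(p.get("identifier").toString(), p);
        } catch (IOException e) { throw new AuthenticationServiceException("Profile lookup failed", e); }
    }
    @Override public boolean supports(Class<?> type) { return JanrainAuthentication.class.isAssignableFrom(type); }
}
```

After a successful login the profile is available from the security context by casting the current `Authentication` to `JanrainAuthentication` and calling `getProfile()`.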



On my webpage