Oct 22nd, 2010, 06:45 AM
AbstractAuthenticationProcessingFilter vs. AbstractPreAuthenticatedProcessingFilter
I started a discussion on this topic in January already but didn't need it then. But now I'm hitting this topic again. I don't know which one is best to choose.
A little more information. I'm using Janrain.com for authentication.
Basically the flow looks like this:
- If the user hits an authenticated page, redirect to the login page
- On the login page there is a sign-in link. This sign-in link opens up the Janrain page (not on my domain, just a 3rd party page/service)
- The user authenticates via the 3rd party service
- The 3rd party service redirects back to my application (e.g. /token) including a token request param
- With this token param I can do an HTTP request to the service to retrieve the authenticated user data. The user data contains an identifier, access credentials, birthday, gender, address, email, friends list etc.
With the AbstractPreAuthenticatedProcessingFilter I *think* I cannot store all user data fields, but only principal (identifier in my case) and access credentials.
Therefore I think I need to use the AbstractAuthenticationProcessingFilter, as I could implement a custom Authentication implementation that way that would include the additional user data.
Am I right?
On my webpage
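
The callback step of the flow described in the post, as an added example that is not part of the original post or of Spring Security itself: a filter on `/token` that exchanges the token server-side and returns a custom `Authentication` holding the extra profile fields. `ProfileClient`, `ProfileAuthenticationToken`, `TokenCallbackFilter` and the `identifier` profile key are hypothetical names; Spring Security 3.x and the `javax.servlet` API are assumed.

```java
// Added illustration (not from the post). Assumes Spring Security 3.x and javax.servlet.
import java.io.IOException;
import java.util.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/** Hypothetical wrapper around the server-side HTTP call that exchanges the token for user data. */
interface ProfileClient {
    Map<String, Object> fetchProfile(String token) throws IOException;
}

/** Custom Authentication: identifier as principal, remaining profile fields kept read-only. */
class ProfileAuthenticationToken extends AbstractAuthenticationToken {
    private final String identifier;
    private final Map<String, Object> profile;
    ProfileAuthenticationToken(String identifier, Map<String, Object> profile,
                               Collection<GrantedAuthority> authorities) {
        super(authorities);
        this.identifier = identifier;
        this.profile = Collections.unmodifiableMap(new HashMap<String, Object>(profile));
        setAuthenticated(true); // built only after the provider accepted the token
    }
    public Object getPrincipal() { return identifier; }
    public Object getCredentials() { return ""; } // the one-time token is not retained
    public Map<String, Object> getProfile() { return profile; }
}

/** Handles the redirect back from the third-party sign-in page. */
class TokenCallbackFilter extends AbstractAuthenticationProcessingFilter {
    private final ProfileClient client;
    TokenCallbackFilter(ProfileClient client) {
        super("/token"); // callback URL from the flow in the post
        this.client = client;
    }
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String token = request.getParameter("token");
        if (token == null || token.isEmpty()) {
            throw new AuthenticationServiceException("Missing token parameter");
        }
        // Profile data comes from the server-to-server call, never from request parameters.
        Map<String, Object> profile = client.fetchProfile(token);
        Object id = profile.get("identifier"); // assumed key name in the returned user data
        if (id == null) throw new AuthenticationServiceException("No identifier in profile");
        return new ProfileAuthenticationToken(id.toString(), profile, new ArrayList<GrantedAuthority>());
    }
}
```

The filter bean still needs an `AuthenticationManager` injected through `setAuthenticationManager`, because the base class asserts one is present at startup even when `attemptAuthentication` does not delegate to it.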