
  • How to add custom RememberMeServices to form-login if remember-me element is not used

    I have a very stupid problem. I need to execute some logic on successful remember-me login. The default RememberMeAuthorizationFilter provides an onSuccessfulAuthentication for this, but if I add a custom filter that implements it, I can no longer use the remember-me element, which means my customized RememberMeServices will not get wired into the form login filter (i.e. UsernamePasswordAuthenticationFilter).

    So, how am I supposed to solve this? I just want to add some simple post-success logic.

  • #2
    You can manually create a fresh new applicationContext-security.xml in order to define your custom filter set (be careful with the minimal filters required and with the global order).

    Code:
    ...
    <beans:beans xmlns="http://www.springframework.org/schema/security"...
    
        <beans:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
        	<filter-chain-map path-type="ant">
        		<filter-chain pattern="/**" filters="
        		securityContextPersistenceFilter,
        		logoutFilter,
        		usernamePasswordAuthenticationFilter,
        		customRememberAuthenticationFilter,
        		exceptionTranslationFilter,
        		filterSecurityInterceptor" 
        	/>
        	</filter-chain-map>
        </beans:bean>
    
    <beans:bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
    
    ...
    
    <beans:bean id="customRememberAuthenticationFilter" ...



    • #3
      You can also use an event listener to plug in behaviour rather than extending classes. Failing that you can use a BeanPostProcessor to make custom modifications to the configuration, as described in the FAQ.

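The event-listener approach suggested in reply #3, as an added example that is not part of the original thread or of Spring Security itself. The package `example`, the class `RememberMeLoginListener` and the hook `onRememberMeLogin` are hypothetical names; the body of the hook is a placeholder audit log standing in for the poster's own post-success logic.

```java
package example; // hypothetical package name

import java.util.logging.Logger;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;

/**
 * Runs post-success logic for remember-me logins without replacing the
 * remember-me filter, so the remember-me namespace element (and the
 * RememberMeServices it wires into form login) can stay in place.
 *
 * Register it as an ordinary bean in the application context, e.g.
 *   <beans:bean class="example.RememberMeLoginListener"/>
 */
public class RememberMeLoginListener
        implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {

    private static final Logger LOG =
            Logger.getLogger(RememberMeLoginListener.class.getName());

    @Override
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
        Authentication auth = event.getAuthentication();

        // Form login publishes the same event type, so filter on the token
        // class: only a cookie-based login yields a RememberMeAuthenticationToken.
        if (!(auth instanceof RememberMeAuthenticationToken)) {
            return;
        }
        onRememberMeLogin(auth, event.getGeneratedBy());
    }

    /** Hypothetical hook: replace the body with the logic you need. */
    protected void onRememberMeLogin(Authentication auth, Class<?> source) {
        // A remember-me session is not a fresh credential check, so it is
        // worth an audit record of its own.
        LOG.info("Remember-me login for '" + auth.getName()
                + "' via " + source.getSimpleName());
    }
}
```

The listener is called synchronously on the request thread by the filter that published the event, so keep the hook short or hand the work off.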


      • #4
        Great, thanks a lot!
        I've read the doc for BeanPostProcessor and event listeners now... didn't know about them before.



        • #5
          Thanks to Luke from my part too.

          I had not read the FAQ and the BeanPostProcessor entry is very useful for me.

          Moreover, I've discovered the previous one, authentication in LDAP but authorization in DB, which is what I need in my programs and is the reason why I'm used to creating a custom filter bean set instead of using the security namespace (actually, I got used to doing that when I started to use Acegi 1.0).
