  • Force authenticate for certain pages even if logged in?

    I know there are some financial sites out there that do this, but is there a way to force the user to re-authenticate even if they are logged in if they go to certain pages? Say we want them to authenticate again to go to the page to update their profile settings.

    An example would be a user who is at a public computer, walks away, and forgets to log out. Even if someone tried to go to the page to update their information, they would have to authenticate again before being able to.

  • #2
    I was wondering if anyone knows how to request a feature be added to Spring Security. I think this is a very useful function. Banks have started doing this for transfers and other things so that even if someone is logged in, to perform a specific action or go to a specific page would require re-authenticating.


    • #3
      I guess it is not too difficult to solve if you have a deep knowledge of the filters of Spring Security. Probably one of them should be subclassed, or a new filter should be inserted.

      It is also possible that some of the filters or delegates already have this feature, but the setup could also be difficult when you have to define the whole filter chain manually in order to have a reference to the bean where you can set the needed property.

      It is always so with Spring Sec: it is very flexible, but you need a deep knowledge to get this flexibility working.
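
The "new filter" approach suggested in #3, sketched as an added example that is not part of the original thread and is not Spring Security's own code: a filter that lets a logged-in user reach sensitive pages only if their credentials were checked within the last few minutes. The class name, session attribute, URL patterns, `/reauthenticate` URL and five-minute window are assumptions, as are the `javax.servlet` API and the Spring Security 3.2 to 5.x package names.

```java
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/** Hypothetical filter: sensitive pages require a recent credential check. */
public class RecentAuthenticationFilter extends OncePerRequestFilter {

    // Assumed names and values, chosen for this example only.
    public static final String LAST_AUTH_ATTR = "LAST_CREDENTIAL_CHECK";
    private static final String REAUTH_URL = "/reauthenticate";
    private static final Duration MAX_AGE = Duration.ofMinutes(5);

    // Matching uses Spring Security's own matcher so it agrees with the
    // URL rules applied by the rest of the filter chain.
    private final RequestMatcher sensitive = new OrRequestMatcher(
            new AntPathRequestMatcher("/profile/edit/**"),
            new AntPathRequestMatcher("/transfer/**"));

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        if (!sensitive.matches(request) || isFresh(request.getSession(false))) {
            chain.doFilter(request, response);
            return;
        }
        // Stale or missing timestamp: redirect to a fixed, same-application URL.
        // The re-authentication handler (not shown) must verify the password and
        // then store Instant.now() under LAST_AUTH_ATTR, as must the login handler.
        response.sendRedirect(request.getContextPath() + REAUTH_URL);
    }

    /** True only if the session holds a timestamp younger than MAX_AGE. */
    static boolean isFresh(HttpSession session) {
        if (session == null) {
            return false;
        }
        Object stamp = session.getAttribute(LAST_AUTH_ATTR);
        return stamp instanceof Instant
                && Duration.between((Instant) stamp, Instant.now()).compareTo(MAX_AGE) < 0;
    }
}
```

The filter belongs in the security filter chain after the authentication filters, so that anonymous requests are still handled by the normal login rules. Because the check fails closed on a missing timestamp, a session created by remember-me or restored from storage is also sent to the re-authentication page.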