Announcement Announcement Module
No announcement yet.
Manual Authentication Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Manual Authentication

    I'm not sure that the framework is meant to be used this way, but recently, I've had to do manual authentication (implementing spring-social...) One of the last steps of integration is to do sign-in. I've explicitly created the session management beans because I want to manually register the login after it happens.

    for example:

    public class MySignInAdapterImpl implements SignInAdapter {
    	private ConcurrentSessionControlStrategy sessionStrategy;
    	public String signIn(String userId, Connection<?> connection,
    			NativeWebRequest request) {
                 ...lots of code...
    		Authentication authentication = signInUser(user);
    		HttpServletRequest req = (HttpServletRequest) request
    		HttpServletResponse res = (HttpServletResponse) request
    		// set remember-me cookie
    		tokenBasedRememberMeServices.onLoginSuccess(req, res, authentication);
    		// create a session
    		sessionStrategy.onAuthentication(authentication, req, res);
                 .... more code...
    The good news is that the JSessionID is passed back properly, and subsequent calls to an @Secured endpoint (actually, a CXF REST endpoint) works just fine.

    Is there any side effects of what I did above? Am I abusing the strategy object?