Announcement Announcement Module
No announcement yet.
Put additional attributes(properties) in the session on success Auth Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Put additional attributes(properties) in the session on success Auth

    Just simple question: what is the best way to add attributes(properties) to the HttpSession on success authentication? The userID for example.

    For now i'm using my own SimpleUrlAuthenticationSuccessHandler implementation in UsernamePasswordAuthenticationFilter and doing it like this:

    public void onAuthenticationSuccess(HttpServletRequest request,
        			HttpServletResponse response, Authentication auth)
        			throws IOException, ServletException {
        		PersonBean person = (PersonBean) auth.getPrincipal();
        		request.getSession().setAttribute("currentUserId", person .getId().toString());
                super.onAuthenticationSuccess(request, response, auth);
    But I dont think this is good approach as there is another ways to do authentication(RememberMe for example).

    So what do I need to use here?

  • #2
    Why are you setting it anyway?You can retrieve it from the principal. However I would simply do it in a custom SuccesHandler justlike you did (that is at least the easiest extension point imho).


    • #3
      What if need to put information that not related to User object?

      Custom SuccesHandler is good for me, but as I wrote, there is another ways to do authentication. For example, RememberMeAuthenticationFilter dont use SuccesHandler.
      Here is my UsernamePasswordAuthenticationFilter definition:

      <bean id="authenticationFilter" class=
      	    <property name="authenticationManager" ref="authenticationManager"/>
      	    <property name="filterProcessesUrl" value="/j_spring_security_check"/>
      	    <property name="authenticationFailureHandler" ref="failureHandler"/>
      	    <property name="authenticationSuccessHandler" ref="successHandler"/>
      	    <property name="rememberMeServices" ref="rememberMeServices"></property>


      • #4
        Another way would be to implement an ApplicationListener which listens for succes events, draw back is that you would need to find someway to get access to the users session (if that is available at all). You could also modify/extend the RememberMeAuthenticationFilter to call the succes/failure handlers.


        • #5
          Hmm, second approach sounds good, need to try.