Announcement Announcement Module
No announcement yet.
Executing code after any kind of authentication Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Executing code after any kind of authentication

    In a previous post I asked about getting the username into the session after authentication. Finally I ended up making my own JSP tag and everything worked fine.But now, my application is growing and right now I need more complex things (access to some objects related to the user and other stuff) I want to know if there is some method that I can override every time an authentication takes place no matter if a user gives the username and password, if it gets authenticated by a remember me service or whatever... Something like onSuccessfulAuthentication for AbstractProcessingFilter...

    Suppose I want to track everytime a person uses the app, in that method I'll put code to update some stats in a database or something.

  • #2
    How about using the event publishing capabilities of AbstractSecurityInterceptor and/or DaoAuthenticationProvider? They're documented in the reference guide.


    • #3
      I've been looking in the reference guide and the capabilities of DaoAuthenticationProvider doesn't seem to solve my problem as it is particular for one kind of authentication... I mean... there's also a RememberMeAuthentication Provider and I need some kind of superclass to do something each time any of both kinds of authentication takes place.

      Looking at AbstractSecurityInterceptor I realize it comes closer to what I need as it handles the life cycle of interaction with secure objects (at least that's what I understand). It'll be great to publish an event after this step in the life cycle:

      a. Authenticate the request against the configured AuthenticationManager, replacing the Authentication object on the ContextHolder with the returned value.
      How can I publish it?

      Thanks for your reply and for all the work you spared me with Acegi. Awesome tool...


      • #4
        Do you need to publish it? Most of the SecurityInterceptionEvents provide a getAuthentication() so you can obtain it directly from the event already.


        • #5
          Let me see If I understand... If I write a class that it is aware of the AuthorizedEvents, will I be able to do anything after any kind of authentication? Won't the code be executed after each access to a secured object? I need a place to put code to be executed only after a successful authentication.


          • #6
            I never really knew what your end use case was:

            Suppose I want to track everytime a person uses the app, in that method I'll put code to update some stats in a database or something.
            If you can tell me a little more about what you want to achieve, I'll be able to offer specific suggestions.


            • #7
              I need to do some specific things every time a user gets authenticated. At first I only needed to put the User's first and last name, but now I want to update login statistics everytime a user logs into the system, and several other things. I need to put the user in the session so it will be accesible by JSTL-EL (i.e. ${user.anyfield}) and in further stages of development I'll need access to other database to check what's the current work in progress of the User. I don't know if I'm explaining it very good as english is not my native language...

              To put it short and clear: I have designed and implemented some code that makes all the things I've told when a user get's authenticated. I've put this into onSuccessfulAuthentication and works fine... but it doesn't work when the authentication takes place by the remember-me services. I want that code to be executed when a user enters his username and password but also when he enters the app having the remember-me cookie and he gets automatically authenticated.



              • #8
                Quick fix approach might be to extend RememberMeServices, override autoLogin(HttpServletRequest, HttpServletResponse), and publish an event if the user is auto logged in. Then wire your overridden class into your RememberMeProcessingFilter bean.


                • #9
                  Thanks Ben! Problem Solved!

                  Overriding autoLogin was what I was looking for...