Announcement Announcement Module
Collapse
No announcement yet.
Setting a cookie value after authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting a cookie value after authentication

    I'm not sure if this belongs here or not, but I am using Spring MVC & Spring Security using form based authentication and was wondering how I can set a cookie value once the user is successfully authenticated. I've looked at the documentation and it doesn't appear to be obvious how to do this. Here is my spring-security file:


    <bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
    <security:filter-chain-map path-type="ant">
    <security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,formA uthenticationProcessingFilter,exceptionTranslation Filter,filterSecurityInterceptor"/>
    </security:filter-chain-map>
    </bean>
    <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter"/>

    <bean id="formAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilter">
    <property name="filterProcessesUrl" value="/j_spring_security_check"/>
    <property name="authenticationFailureUrl" value="/loginFailed.htm"/>
    <property name="defaultTargetUrl" value="/index.htm"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    </bean>


    <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTr anslationFilter">
    <property name="authenticationEntryPoint">
    <ref local="formLoginAuthenticationEntryPoint"/>
    </property>
    </bean>

    <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web. FilterSecurityInterceptor">
    <property name="authenticationManager">
    <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
    <ref local="accessDecisionManager" />
    </property>
    <property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /secure/**=ROLE_USER
    /index.htm=ROLE_USER
    /admin/**=ROLE_ADMIN
    </value>
    </property>
    </bean>

    <bean id="authenticationManager" class="org.springframework.security.providers.Prov iderManager">
    <property name="providers">
    <list>
    <!-- use this to encrypt/decrypt passwords -->
    <ref local="csaAuthenticationProvider" />
    </list>
    </property>
    </bean>

    <bean id="csaAuthenticationProvider" class="com.sonybmg.csa.service.impl.CsaAuthenticat ionProvider">
    <property name="adminFacade" ref="adminFacade"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
    </bean>
    <bean id="accessDecisionManager" class="org.springframework.security.vote.Unanimous Based">
    <property name="decisionVoters">
    <list>
    <ref local="roleVoter" />
    </list>
    </property>
    </bean>

    <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter ">
    <property name="rolePrefix" value="ROLE"/>
    </bean>

    <bean id="formLoginAuthenticationEntryPoint" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/login.htm"/>
    <property name="forceHttps" value="false"/>
    </bean>

    Does this question belong in the SpringMVC forum?

    Any help would be great! Thanks!

  • #2
    Hi. I'm no expert but it seems once you are authenticated, and pass beyond the acegi filter chain, you are into the realm of Spring MVC and can set a cookie using an interceptor or by any other means.

    I'm not sure if your specific scenario requires you to hook into Spring Security, by way of setting or reading the cookie, but setting a cookie after the fact should be straight forward.

    Comment

    Working...
    X