Announcement Announcement Module
Collapse
No announcement yet.
Access HTTP Session after successful login using "remember_me"? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access HTTP Session after successful login using "remember_me"?

    I am having trouble accessing the HTTP session after a user is successfully authenticated. I would like to add some information to the user's session after they are authenticated for the first time or uses the "remember_me" functionality. This seems like a pretty common use case - what is the best way to do this?

    I figured I would try to do this by overriding the AuthenticationProcessingFilter & RememberMeProcessingFilter, but the RememberMe part is giving me trouble.

    The code below works fine. My custom information is added to the session...
    Code:
    public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
    
    	AppUserService appUserService;
    	TeamRoleDao teamRoleDao;
    	
    	@Override
    	protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult)  throws IOException {
    		
    		// Add my custom information to the session
    		AppUser appUser = appUserService.findByUserName(authResult.getName());
    		HashSet<TeamRole> teamRoles = new HashSet<TeamRole>(teamRoleDao.findByAppUserId(appUser.getAppUserId()));
    		appUser.setTeamRoles(teamRoles);
    		request.getSession().setAttribute("sesAppUser", appUser);
    
    		// Continue on with authentication
    		super.onSuccessfulAuthentication(request, response, authResult);
    	}
    
    }
    This code, however, does not add my custom info to the session. Authentication is successful, but my added information is "gone" by the time it displays the resulting page. Almost like it creates a new session after using the rememberMe functionality.
    Code:
    public class MyRememberMeProcessingFilter extends RememberMeProcessingFilter {
    
    	AppUserService appUserService;
    	TeamRoleDao teamRoleDao;
    	
    	@Override
    	protected  void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
    		
    		// Add my custom information to the session
    		// !!! THIS DOESN'T WORK !!!
    		AppUser appUser = appUserService.findByUserName(authResult.getName());
    		HashSet<TeamRole> teamRoles = new HashSet<TeamRole>(teamRoleDao.findByAppUserId(appUser.getAppUserId()));
    		appUser.setTeamRoles(teamRoles);
    		request.getSession().setAttribute("sesAppUser", appUser);
    		
    		// Continue on with authentication
    		super.onSuccessfulAuthentication(request, response, authResult);
    	}
    
    }
    Has anyone does this with success?

  • #2
    Try this doing your custom additions herehttp://static.springsource.org/sprin...ssHandler.html

    Comment


    • #3
      Sounds like that exactly what I'm looking for. I am using Spring Sec 2.x. Is this class available in this version or just 3.x?

      Comment


      • #4
        This is since 3.0

        Comment


        • #5
          That's what I was afraid of. Thanks for the reply.

          Comment

          Working...
          X