Announcement Announcement Module
Collapse
No announcement yet.
Setting Values in session Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting Values in session

    Hi,

    I am new to Spring Security and have implemented it using UserDetails from database. Now, as per our requirement we have 2 processes involved of login.

    1. Authentication and authorization which we have done using Spring Security
    2. We have 2 set of users. Administrators and normal user. Normal User can belong to any company and his UI will be as per company name. User-Company mapping is in the database.

    Since we have fixed set of JSP for Administrator we do not have any issue.

    For this we required that some session values (basically company name) we can store based on username and password. Please let me know which is the best place for it. Can we get request and session in class that implements UserDetailsService??

    I tried searching on google but was unable to find.

    Please help else my senior will force me to remove Spring Security .

    Thanks,
    Vikash Anand.

  • #2
    IMHO ..request and session objects shouldn't be propagated to the service layer..use it only in the controller. Your requirement of getting details which are post login have nothing to do with spring security. On a successful login get the company names for the user and populate a session bean with it. On a logout wipe that bean out.

    Comment


    • #3
      Hi,

      Thanks for response. I got the solution by writing class
      CustomAuthenticationProcessingFilter
      extends AuthenticationProcessingFilter with mapping in xml file.

      Now I am able to set session values. In this case using UserDetailService authentication is done and this class is executed only when there is successful authentication. I feel this is the right spot to do session settings.

      Please comment if my assumptions are correct.

      Thanks,
      Vikash Anand.

      Comment


      • #4
        I strongly suggest checking out AuthenticationSuccessHandler and LogoutSuccessHandler. These interfaces were created exactly for the requirement you just stated.

        Comment

        Working...
        X