Announcement Announcement Module
No announcement yet.
AbstractAuthenticationProcessingFilter vs. AbstractPreAuthenticatedProcessingFilter Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • AbstractAuthenticationProcessingFilter vs. AbstractPreAuthenticatedProcessingFilter

    I started a discussion on this topic in January already but didn't needed it then. But now I'm hitting this topic again. I don't know which one to choose best.

    A little more information. I'm using for authentication.
    Basically the flow looks like this:

    - If user hits authenticated page redirect to login page
    - On login page there is a sign in link. This sign link opens up the Janrain page (not on my domain, just a 3th party page/service)
    - The user authenticated via the 3th party service
    - The 3th party service redirects back to my application (e.g. /token) including a roken request param
    - With this token param I can do a HTTP request to the service to retrieve the authenticated user data. The user data contains a identifier, access credentials, birthday, gender, address, email, friends list etc.

    With the AbstractPreAuthenticatedProcessingFilter it *think* I cannot store all user data fields, but only principal (identifier in my case) and access credentials.

    Therefor I think I need to use the AbstractAuthenticationProcessingFilter as I could implement a custom Authentication implementation that wat that would include the additional user data.

    Am I right?

    On my webpage