
  • how to save user information in session after registration?

    Greetings all.
    Please help me, I will appreciate any answer.
    I have a simple web application in which I use Spring Security with Spring MVC.
    I read some articles and I was able to set up a simple, uncomplicated web application.
    I'm customizing the login page and changing some of the default behavior of Spring Security, such as changing
    the action URL or the j_username and j_password fields.
    This is a snippet of my applicationContext-security.xml code:

    Code:
        <context:component-scan base-package="com.tosan.statisticapplication"/>
        <http entry-point-ref="loginUrlAuthenticationEntryPoint" use-expressions="true">
            <!--suppress SpringModelInspection -->
            <custom-filter position="FORM_LOGIN_FILTER" ref="loginFilter"/>
            <intercept-url pattern="/WEB-INF/pages/login.jsp" access="permitAll"/>
            <intercept-url pattern="/login/failure.html" access="permitAll"/>
            <intercept-url pattern="/loginFailure.html" access="permitAll"/>
            <intercept-url pattern="/styles/**" access="permitAll"/>
            <intercept-url pattern="/images/**" access="permitAll"/>
            <intercept-url pattern="/userPage.html" access="permitAll"/>
            <intercept-url pattern="/index.html" access="permitAll"/>
            <intercept-url pattern="/register.html" access="permitAll"/>
            <intercept-url pattern="/authenticateUser.html" access="permitAll"/>
            <intercept-url pattern="/registeringUser.html" access="permitAll"/>
            <intercept-url pattern="/login.html" access="permitAll"/>
            <intercept-url pattern="/favicon.ico" access="permitAll"/>
            <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
            <logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.html"/>
        </http>
    
        <beans:bean id="loginUrlAuthenticationEntryPoint"
                    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <beans:property name="loginFormUrl" value="/login.html"/>
        </beans:bean>
    
        <beans:bean id="loginFilter"
                    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
            <beans:property name="sessionAuthenticationStrategy" ref="sas"/>
            <beans:property name="usernameParameter" value="userName"/>
            <beans:property name="passwordParameter" value="password"/>
            <beans:property name="filterProcessesUrl" value="/authenticateUser"/>
            <beans:property name="authenticationManager" ref="authenticationManager"/>
            <beans:property name="authenticationSuccessHandler" ref="successHandlerBean"/>
            <beans:property name="authenticationFailureHandler" ref="failureHandlerBean"/>
        </beans:bean>
    
        <beans:bean id="sas"
                    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
            <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
            <beans:property name="maximumSessions" value="1"/>
        </beans:bean>
        <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
        <authentication-manager alias="authenticationManager">
            <authentication-provider ref="dbAuthenticationProvider">
                <jdbc-user-service data-source-ref="dataSource"/>
            </authentication-provider>
        </authentication-manager>
        <beans:bean id="successHandlerBean"
                    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/userPage.html"/>
        </beans:bean>
    
        <beans:bean id="failureHandlerBean"
                    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/loginFailure.html"/>
        </beans:bean>
    
        <beans:bean id="dbAuthenticationProvider"
                    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
            <beans:property name="userDetailsService" ref="userAuthenticationService"/>
    
        </beans:bean>
    
        <beans:bean class="com.tosan.statisticapplication.service.user.UserAuthenticationService" id="userAuthenticationService">
            <beans:property name="dataSource" ref="dataSource"/>
        </beans:bean>
    OK, everything works fine and there is no problem with logging in to the system and logging out.
    But I have a question at this point: when a user wants to register, I think I must redirect the user to
    /authenticateUser after validating the username and password, and in that way register the user information in the session,
    exactly as when a user logs in to the system.

    So I do it this way:
    Code:
        @RequestMapping(value = "registeringUser", method = RequestMethod.POST)
        public ModelAndView doUserRegistration(UserInformationPasswordConfirmation userInformationPasswordConfirmation,
                                         BindingResult bindingResult) {
            registrationValidation.validate(userInformationPasswordConfirmation, bindingResult);
            if (bindingResult.hasErrors()) {
                return new ModelAndView("userRegistration", "userInformationPasswordConfirmation",
                        userInformationPasswordConfirmation);
            } else {
                userService.saveUser(userInformationPasswordConfirmation.getUserInformation());
                return new ModelAndView("redirect:authenticateUser.html?userName="+userInformationPasswordConfirmation
                        .getUserInformation().getUserName()+"&password="+userInformationPasswordConfirmation
                        .getUserInformation().getPassword(), "userInformation",
                        userInformationPasswordConfirmation.getUserInformation());
            }
        }
    But I think this is not the proper method.
    Is there any better solution?
    How can I redirect to a method with the "POST" method type?

    This is my class that loads my user from the DB for extra information:

    Code:
    public class UserAuthenticationService extends JdbcDaoImpl {
    
        @Autowired
        UserService userService;
    
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
            UserDetails userDetails = userService.loadUserByUserName(username);
            if (userDetails != null) {
                return userDetails;
            } else {
                throw new UsernameNotFoundException("Username Not Found");
            }
        }
    }

  • #2
    But I think this is not the proper method. Is there any better solution?
    You can keep a reference to AuthenticationProvider in your registration class to authenticate and then manually add the Authentication object to the security context. But this makes the request not to go through all the filters you have.

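One way to do what reply #2 describes, as an added example that is not code from the thread: authenticate programmatically right after `saveUser(...)`, run the same session strategy the login filter uses, and store the result in the security context, so the password never appears in a redirect URL (where it would land in browser history and access logs). It assumes Spring Security 3.x as in the posted configuration and that the raw password is still available from the form object; `RegistrationAutoLogin` is a hypothetical helper, while the `authenticationManager` alias and the `sas` bean are the ones from the question's XML.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.stereotype.Component;

// Hypothetical helper (not part of the thread). Put it in a package covered by
// the question's <context:component-scan> so it is picked up as a bean.
@Component
public class RegistrationAutoLogin {

    // Alias declared by <authentication-manager alias="authenticationManager">.
    @Autowired
    @Qualifier("authenticationManager")
    private AuthenticationManager authenticationManager;

    // The "sas" bean that the question wires into loginFilter.
    @Autowired
    @Qualifier("sas")
    private SessionAuthenticationStrategy sessionStrategy;

    /**
     * Logs the freshly registered user in without a redirect carrying credentials.
     * Throws AuthenticationException if the stored account cannot be authenticated.
     */
    public void login(String userName, String rawPassword,
                      HttpServletRequest request, HttpServletResponse response) {
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(userName, rawPassword);
        token.setDetails(new WebAuthenticationDetails(request));

        // Same provider chain (dbAuthenticationProvider) a form login would use.
        Authentication auth = authenticationManager.authenticate(token);

        // Apply the session handling the login filter would have applied
        // (concurrent-session registration, maximumSessions=1).
        sessionStrategy.onAuthentication(auth, request, response);

        // The filter chain saves this context to the HTTP session when the request ends.
        SecurityContextHolder.getContext().setAuthentication(auth);
    }
}
```

In the controller, call `login(...)` after `userService.saveUser(...)` and return `new ModelAndView("redirect:userPage.html")`; the context is persisted because `/registeringUser.html` is mapped with `permitAll` and therefore still passes through the security filter chain.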


    • #3
      One more thing: is it really necessary to define all the beans (i.e. filters) when you can use namespace support?
