Announcement Announcement Module
No announcement yet.
Display registration page after PRE_AUTH authentication Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Display registration page after PRE_AUTH authentication

    I've set up Spring Security successfully using a PRE_AUTH_FILTER.

    Visitors can signin the application using Twitter, Facebook etc using the Janrain4j library.
    I'm also using a custom AuthenticationSuccessHandler which determines if a signed in user is visiting the application for the first time or not. In this case I redirect to a registration page where the visitor has to confirm name, e-mail etc.
    In my UserDetailsService I check if the user is stored in the application DB and if not the authority UNREGISTERED is set to indicate the user has not yet registered.

    This works very well as Spring Security is very flexible.

    When the visitor wants to avoid the registration (he/she can click a link on the page) I want to force them to go back to registration page.
    The rule for this is quit easy. Authenticated and contains the role UNREGISTERED.
    Off course I could write a ordinary servlet filter (outside Spring Security) to check this.
    But I'm wondering if Spring Security has something for this.


  • #2
    Not really. I would just build it into your preauth filter, since you already have the redirect in there. The blog I wrote on GAE does something similar.


    • #3
      Hmm. Actually it doesn't redirect them to the registration page, looking at it again. If they choose to bypass it (by typing in a different URL, for example), then they will get an AccessDeniedException. Generally the workflow within the registration controller would prevent them leaving using normal navigation via links, form submissions etc.

      It should still be easy to add the check to your filter though.