Adding a user to a session, spring.

I have Spring Security installed to correctly intercept requests and prompt the user with a login page, which then authenticates correctly and adds the user data to the SecurityContextHolder.

In addition to this, I now want to add my own user object to the session when the login is completed, so the code will look like this:

    public returnwhat? doMySupplementaryLogin() {

       UserDetails principal = (UserDetails) SecurityContextHolder.getContext()
                                    .getAuthentication().getPrincipal();
       MyUser user = myUserService.getMyUser(principal.getUsername());

       // add user to what?
    }

Where will this code go? I want a nominal spring check to be performed, and then the above code puts the MyUser object into the session, and then sends the user to the original intercepted url / viewname. I have a strong feeling that I am making things more complicated than they should be ...

+6
2 answers

You make it complicated ... :)

What you want is to add a custom authentication provider to your regular spring authentication manager. Therefore, you should configure the authentication manager as follows:

    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider user-service-ref="authServiceImpl">
        <security:password-encoder ref="passwordEncoder"/>
      </security:authentication-provider>
    </security:authentication-manager>
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>

Now you only need to define an authServiceImpl bean inside your spring context. You can do this via xml or annotations (my preferred way).

    @Service
    public class AuthServiceImpl implements AuthService {
        // interface methods go here
    }

You need to implement the AuthService interface. Just implement the methods from the interface - should be pretty straightforward. You do not need to add things to the SecurityContextHolder yourself - spring will do this.

What you want is:

    // Compiles only if MyUser implements UserDetails, since that is the declared return type.
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
         return myUserService.getMyUser(username);
    }


EDIT: UserService - , UserService.

+10

AuthenticationSuccessHandler, , , , , :

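    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

    public class AuthenticationSuccessWithSessionHandler extends SavedRequestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler, LogoutSuccessHandler {

        public static final String USERNAME = "username";
        public static final String PASSWORD = "password";

        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            // Remove the values that were stored at login
            request.getSession().removeAttribute(USERNAME);
            request.getSession().removeAttribute(PASSWORD);
        }

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            super.onAuthenticationSuccess(request, response, authentication);
            // Stores the submitted login form values, including the plaintext password, in the session
            request.getSession().setAttribute(PASSWORD, request.getParameter(PASSWORD));
            request.getSession().setAttribute(USERNAME, request.getParameter(USERNAME));
        }
    }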

        AuthenticationSuccessWithSessionHandler successHandler = new AuthenticationSuccessWithSessionHandler();
        http.authorizeRequests().antMatchers("/login", "/logout", "/images", "/js").permitAll().antMatchers("/feeds/**")
                .authenticated().and().formLogin()
                .successHandler(successHandler)
                .and().logout().logoutUrl("/logout").logoutSuccessHandler(successHandler).logoutSuccessUrl("/login");

, extends SavedRequestAwareAuthenticationSuccessHandler URL- .

+1
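
A handler that does what the question asks without keeping credentials in the session, as an added example that is not part of either answer: it looks up the asker's MyUser by the authenticated name, stores only that object in the session, and then lets SavedRequestAwareAuthenticationSuccessHandler redirect to the originally requested URL. The `MyUserService` type name, the `"myUser"` attribute name and the `javax.servlet` imports are assumptions; `MyUser` and `getMyUser(String)` come from the question.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

public class MyUserSessionSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Hypothetical session attribute name, chosen for this example.
    public static final String MY_USER = "myUser";

    // MyUserService is an assumed type name for the asker's myUserService bean.
    private final MyUserService myUserService;

    public MyUserSessionSuccessHandler(MyUserService myUserService) {
        this.myUserService = myUserService;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Use the name Spring Security has already authenticated, not a raw
        // request parameter, so the lookup cannot be steered by form input.
        MyUser user = myUserService.getMyUser(authentication.getName());

        // Store only the domain object. The submitted password is not copied
        // anywhere: the session may be serialized, replicated or dumped.
        HttpSession session = request.getSession();
        session.setAttribute(MY_USER, user);

        // Set the attribute before delegating: the parent class sends the
        // redirect to the saved (originally intercepted) request URL.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```

Register it with `.successHandler(...)` as in the configuration above. Spring Security's default logout invalidates the session, which discards the attribute without a separate LogoutSuccessHandler.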