I need to do some user things when a user tries to log in based on their username, but this should happen before the authentication process. Here is what I still have.
Our system allows you to use multiple email addresses, and the client wants the user to be able to authenticate using any 1 of them. To resolve this, I created a custom UserDetailsService and found the code accordingly.
Other things I need to do require a few flags on the user object that spring-security really don't know or don't care. But I need to connect to the auth process, check these flags and return the corresponding error messages to the user. To give a more concrete example, I need to know if this is the first time a user has ever logged in. Therefore, we have a flag for the user to track this. When a user tries to authenticate, I need to read this value and do some things, including send a message to the user and stop authentication.
I looked at the Event Listener mechanisms in the documentation, but what I don't see how to do is how to add my own workflow through listeners. I need to make a thread like this:
Out with a valid email address, but for the first time โ cancel authentication โ display a message on the login page
I think that if I manage to cope with one scenario, I can understand the rest that I need.
UPDATE: now I read the filters to see if I missed something ...
Gregg source share