Spring login process extension

I currently have a user form login page in Spring Security 3 that submits its form data to the correct authentication URL.

However, now I need to expand the process to support security questions after logging in, but before allowing access to the rest of the site.

From reading the documentation I have several options, but I'm confused about which is the correct one.

Option 1: Keep the current login system and set up a special role that allows the user to access the security questions page. If they successfully complete the security questions process, add their correct roles to the security context.

Option 2: Subclass AbstractAuthenticationProcessingFilter and ask security questions as part of the login process. This seems more Spring-like, but I am stuck on how to maintain multiple pages for questions without disrupting the rest of the authentication structure.

2 answers

In the end, I used option 1. @craftsman's answer is not suitable, since questions are asked for each user. It really works well.

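A sketch of the elevation step in Option 1, added here as an example and not code from either poster. It assumes the password login grants only a hypothetical `ROLE_PRE_AUTH` authority, that `AnswerVerifier` is an application-specific service, and that the injected `UserDetailsService` is the store that returns the user's real roles.

```java
import java.util.Collection;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

/** Second login step for Option 1 (added example; class and role names are hypothetical). */
public class SecurityQuestionStep {

    /** Only authority granted by the password step; it should open the questions page and nothing else. */
    public static final String PRE_AUTH_ROLE = "ROLE_PRE_AUTH";

    /** Hypothetical application service that checks a submitted answer. */
    public interface AnswerVerifier {
        boolean matches(String username, String questionId, String answer);
    }

    private final UserDetailsService realRoles; // assumed to return the user's full authorities
    private final AnswerVerifier answerVerifier;

    public SecurityQuestionStep(UserDetailsService realRoles, AnswerVerifier answerVerifier) {
        this.realRoles = realRoles;
        this.answerVerifier = answerVerifier;
    }

    /** Installs the user's real roles only if the caller is half-logged-in and the answer is correct. */
    public boolean complete(String questionId, String answer) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null || !current.isAuthenticated() || !hasOnlyPreAuthRole(current)) {
            return false; // not in the intermediate state: refuse to elevate
        }
        if (!answerVerifier.matches(current.getName(), questionId, answer)) {
            return false; // context unchanged, user keeps only PRE_AUTH_ROLE
        }
        // Load authorities from the user store, never from request or session data.
        UserDetails user = realRoles.loadUserByUsername(current.getName());
        Authentication full =
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(full);
        return true;
    }

    private static boolean hasOnlyPreAuthRole(Authentication auth) {
        Collection<? extends GrantedAuthority> granted = auth.getAuthorities();
        return granted.size() == 1
                && PRE_AUTH_ROLE.equals(granted.iterator().next().getAuthority());
    }
}
```

Every URL other than the questions page has to require one of the real roles, otherwise a `ROLE_PRE_AUTH` session already behaves like a full login. Limiting failed attempts is left to the `AnswerVerifier` implementation.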

How about this approach:

  1. When a user submits their username / password, save them in your session.
  2. Redirect her to your questions.
  3. When she finishes answering your questions, see if you want to log her in.
     3.1. If so, send her saved credentials so that they can be caught and processed using the Spring Security Filter Chain.
     3.2. If not, return her to the login page. (Or whatever you want to do in this case.)
