This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Spring and the fly likes Sending in extra details with the authenticate method, passing in values through Spring security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Sending in extra details with the authenticate method, passing in values through Spring security" Watch "Sending in extra details with the authenticate method, passing in values through Spring security" New topic
Author

Sending in extra details with the authenticate method, passing in values through Spring security

Prajwal Paudyal
Greenhorn

Joined: Jan 17, 2013
Posts: 3


I needed to send in a few extra "details" along with the authenticate request, so what I am wanting to do is use authenicate(userId, String .valueOf(authentication.getCredentials()), extrainfo1, extrainfo2, extrainfo3, extrainfo4) instead of authenticate(userId, Strig .valueOf(authentication.getCredentials()).

All the extra info is information I need to pull from the request (user-agent). I am able to use a custom filter and get these from the request but I am not being able to find a way past the spring security classes so that I can pass these variables to the class that calls authenticate method.

In the class I am using the authenticate method, I don't have access to the request or the session ( out of the filter chain ). I have access to authentication which is of type UserNamePassWordAuthenticationToken from Spring security. What is my question is how to access the session information from within this class when all that is passed in from spring security is :
1. username.
2. authentication ( class UserNamePasswordAuthenticationToken)
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Prjwl Pdyl wrote:
I needed to send in a few extra "details" along with the authenticate request, so what I am wanting to do is use authenicate(userId, String .valueOf(authentication.getCredentials()), extrainfo1, extrainfo2, extrainfo3, extrainfo4) instead of authenticate(userId, Strig .valueOf(authentication.getCredentials()).

Use below method to set extra details before passing authenticate object to authentication method.
http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AbstractAuthenticationToken.html#setDetails(java.lang.Object)
Prjwl Pdyl wrote:In the class I am using the authenticate method, I don't have access to the request or the session ( out of the filter chain ). I have access to authentication which is of type UserNamePassWordAuthenticationToken from Spring security. What is my question is how to access the session information from within this class when all that is passed in from spring security is :
1. username.
2. authentication ( class UserNamePasswordAuthenticationToken)
What information you want to access from session, don't you suppose to create user *session* only if she/he gets authenticated.


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Prajwal Paudyal
Greenhorn

Joined: Jan 17, 2013
Posts: 3
Hey thanks for you reply. But I cannot figure out how to use AbstractauthenticationToken as it is a Spring class.

I am trying to extend UsernamePasswordAuthenticationToken and use a custom one, and also inject a custom filter that extends AbstractAuthenticationProcessingFilter so that it uses my instance of UsernamePasswordAuthenticationToken, but so far no luck.

Also, I need to send in information about the client machine along with the authenticate request so I have to have access to this before the user ever gets authenticate and is granted a user session.
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Prajwal Paudyal wrote:Hey thanks for you reply. But I cannot figure out how to use AbstractauthenticationToken as it is a Spring class.

I am trying to extend UsernamePasswordAuthenticationToken and use a custom one, and also inject a custom filter that extends AbstractAuthenticationProcessingFilter so that it uses my instance of UsernamePasswordAuthenticationToken, but so far no luck.

UsernamePasswordAuthenticationToken <- AbstractAuthenticationToken, so you are using AbstractAuthenticationToken in custom way, and the methos setDetails() can be used to whatever information you want to set about that user.
Prajwal Paudyal wrote:Also, I need to send in information about the client machine along with the authenticate request so I have to have access to this before the user ever gets authenticate and is granted a user session.

If you want to get user machine IP, there is a method for that in request object, else you've to pass that info with request param.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Sending in extra details with the authenticate method, passing in values through Spring security
 
Similar Threads
Can silent login be achieved?
Authenticating in Spring Security with password and username in url
custom security provider (role mapper) called every request
explicitly making any user logout from the site
Modifying a request using a Servlet Filter