Sending in extra details with the authenticate method, passing in values through Spring security

I needed to send in a few extra "details" along with the authenticate request, so what I am wanting to do is use authenicate(userId, String .valueOf(authentication.getCredentials()), extrainfo1, extrainfo2, extrainfo3, extrainfo4) instead of authenticate(userId, Strig .valueOf(authentication.getCredentials()).

All the extra info is information I need to pull from the request (user-agent). I am able to use a custom filter and get these from the request but I am not being able to find a way past the spring security classes so that I can pass these variables to the class that calls authenticate method.

In the class I am using the authenticate method, I don't have access to the request or the session ( out of the filter chain ). I have access to authentication which is of type UserNamePassWordAuthenticationToken from Spring security. What is my question is how to access the session information from within this class when all that is passed in from spring security is :
1. username.
2. authentication ( class UserNamePasswordAuthenticationToken)

Prjwl Pdyl wrote:
I needed to send in a few extra "details" along with the authenticate request, so what I am wanting to do is use authenicate(userId, String .valueOf(authentication.getCredentials()), extrainfo1, extrainfo2, extrainfo3, extrainfo4) instead of authenticate(userId, Strig .valueOf(authentication.getCredentials()).

Use below method to set extra details before passing authenticate object to authentication method.
http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AbstractAuthenticationToken.html#setDetails(java.lang.Object)

Prjwl Pdyl wrote:In the class I am using the authenticate method, I don't have access to the request or the session ( out of the filter chain ). I have access to authentication which is of type UserNamePassWordAuthenticationToken from Spring security. What is my question is how to access the session information from within this class when all that is passed in from spring security is :
1. username.
2. authentication ( class UserNamePasswordAuthenticationToken)

What information you want to access from session, don't you suppose to create user *session* only if she/he gets authenticated.

Hey thanks for you reply. But I cannot figure out how to use AbstractauthenticationToken as it is a Spring class.

I am trying to extend UsernamePasswordAuthenticationToken and use a custom one, and also inject a custom filter that extends AbstractAuthenticationProcessingFilter so that it uses my instance of UsernamePasswordAuthenticationToken, but so far no luck.

Also, I need to send in information about the client machine along with the authenticate request so I have to have access to this before the user ever gets authenticate and is granted a user session.

Prajwal Paudyal wrote:Hey thanks for you reply. But I cannot figure out how to use AbstractauthenticationToken as it is a Spring class.

I am trying to extend UsernamePasswordAuthenticationToken and use a custom one, and also inject a custom filter that extends AbstractAuthenticationProcessingFilter so that it uses my instance of UsernamePasswordAuthenticationToken, but so far no luck.

UsernamePasswordAuthenticationToken <- AbstractAuthenticationToken, so you are using AbstractAuthenticationToken in custom way, and the methos setDetails() can be used to whatever information you want to set about that user.

Prajwal Paudyal wrote:Also, I need to send in information about the client machine along with the authenticate request so I have to have access to this before the user ever gets authenticate and is granted a user session.

If you want to get user machine IP, there is a method for that in request object, else you've to pass that info with request param.