• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

Sending in extra details with the authenticate method, passing in values through Spring security

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


I needed to send in a few extra "details" along with the authenticate request, so what I am wanting to do is use authenicate(userId, String .valueOf(authentication.getCredentials()), extrainfo1, extrainfo2, extrainfo3, extrainfo4) instead of authenticate(userId, Strig .valueOf(authentication.getCredentials()).

All the extra info is information I need to pull from the request (user-agent). I am able to use a custom filter and get these from the request but I am not being able to find a way past the spring security classes so that I can pass these variables to the class that calls authenticate method.

In the class I am using the authenticate method, I don't have access to the request or the session ( out of the filter chain ). I have access to authentication which is of type UserNamePassWordAuthenticationToken from Spring security. What is my question is how to access the session information from within this class when all that is passed in from spring security is :
1. username.
2. authentication ( class UserNamePasswordAuthenticationToken)
 
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Prjwl Pdyl wrote:
I needed to send in a few extra "details" along with the authenticate request, so what I am wanting to do is use authenicate(userId, String .valueOf(authentication.getCredentials()), extrainfo1, extrainfo2, extrainfo3, extrainfo4) instead of authenticate(userId, Strig .valueOf(authentication.getCredentials()).


Use below method to set extra details before passing authenticate object to authentication method.
http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AbstractAuthenticationToken.html#setDetails(java.lang.Object)

Prjwl Pdyl wrote:In the class I am using the authenticate method, I don't have access to the request or the session ( out of the filter chain ). I have access to authentication which is of type UserNamePassWordAuthenticationToken from Spring security. What is my question is how to access the session information from within this class when all that is passed in from spring security is :
1. username.
2. authentication ( class UserNamePasswordAuthenticationToken)

What information you want to access from session, don't you suppose to create user *session* only if she/he gets authenticated.
 
Prajwal Paudyal
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey thanks for you reply. But I cannot figure out how to use AbstractauthenticationToken as it is a Spring class.

I am trying to extend UsernamePasswordAuthenticationToken and use a custom one, and also inject a custom filter that extends AbstractAuthenticationProcessingFilter so that it uses my instance of UsernamePasswordAuthenticationToken, but so far no luck.

Also, I need to send in information about the client machine along with the authenticate request so I have to have access to this before the user ever gets authenticate and is granted a user session.
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Prajwal Paudyal wrote:Hey thanks for you reply. But I cannot figure out how to use AbstractauthenticationToken as it is a Spring class.

I am trying to extend UsernamePasswordAuthenticationToken and use a custom one, and also inject a custom filter that extends AbstractAuthenticationProcessingFilter so that it uses my instance of UsernamePasswordAuthenticationToken, but so far no luck.


UsernamePasswordAuthenticationToken <- AbstractAuthenticationToken, so you are using AbstractAuthenticationToken in custom way, and the methos setDetails() can be used to whatever information you want to set about that user.

Prajwal Paudyal wrote:Also, I need to send in information about the client machine along with the authenticate request so I have to have access to this before the user ever gets authenticate and is granted a user session.


If you want to get user machine IP, there is a method for that in request object, else you've to pass that info with request param.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic