Comments on: Custom AuthenticationProcessingFilter for spring security to perform actions on login

By: Norman

Norman — Fri, 28 Oct 2011 14:32:00 +0000

Other option.

http://oajamfibia.wordpress.com/2011/07/07/role-based-login-redirect/#comment-12

By: Gaurav Arora

Gaurav Arora — Fri, 28 Oct 2011 10:30:18 +0000

Glad to be of help. Wish I was still working with Spring and could help more.

By: Kiyoko Stanifer

Kiyoko Stanifer — Fri, 28 Oct 2011 01:20:07 +0000

Nice read, I just passed this onto a colleague who was doing some research on that. And he actually bought me lunch as I found it for him smile Therefore let me rephrase that: Thanks for lunch! “For most of history, Anonymous was a woman.” by Virginia Woolf.

By: NaiveGeek

NaiveGeek — Thu, 01 Apr 2010 21:51:06 +0000

Hey Gurav,
Thanks for the info posted. It explained lot clearly and helped me successfully accomplish my task
Naive Geek

By: Andi

Andi — Mon, 21 Sep 2009 10:16:07 +0000

Hi!
I have the same problem. It works only for filters=”none”, but then the redirect to https (reqires-channel=”https”) doesn’t work… Any idea?

By: Fuz

Fuz — Wed, 02 Sep 2009 19:04:05 +0000

Great stuff!
everything almost works! but look at this:

here you wrote filters=”none”. if you replace this with access=”IS_AUTHENTICATED_ANONYMOUSLY” browser goes to unstoppable redirecting. do you know what is it?
Also spring security error handling dissapeared – server HTTP Status 401 error page now appears.

By: Gaurav Arora

Gaurav Arora — Tue, 18 Aug 2009 05:28:56 +0000

Read this link on an idea of how to handle exceptions globally. This is possibly the easiest way to do it.

By: sunny

sunny — Thu, 13 Aug 2009 17:14:48 +0000

I have customized AuthenticationProcessingFilter for custom authentication. All working fine except, upon the unsuccess authentication, I like to display a custom message. So I am throwing BadCredentialExecption with the custom message. Upong the unsucessfull attempt, it never takes to the login page and never displays custom message. I see all the stacktrace on the page. URL shows j_spring_security_check.

Any idea pls? I appreciate it

@Override
protected void onUnsuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationException failed) throws AuthenticationException, IOException
{
throw new BadCredentialsException(“Log In information not valid: Please enter a valid Username and associated Password.”);
}

By: Dario

Dario — Thu, 11 Jun 2009 19:46:30 +0000

the previus post didn’t show the following line
” ”

after “because for the username I can do ”
And before “But because the object ”
Sorry for the mess..

By: Dario

Dario — Thu, 11 Jun 2009 19:43:32 +0000

Hi! thanks for this very usefull tutorial. Anyway reading it, when you say

“you don’t necessarily need to do all this work just to put your user’s details in the session. You can instead write a custom UserDetailsService which returns an extended User object (or your own implementation of UserDetails) which contains your user details.”

I followed the article and I implemented my UserDetailsService, but now How do I get user details from the session? I mean, in a JSP page how do I get for example the user email? because for the username I can do

But because the object “Principal” has a method called .getName()
How can I do a similar thing with other user details?

Many thanks in advance for the answer
Dario