Joseph Schmoley wrote:

Where in the Acegi framework can I plug in a piece of code to be called upon successful Authentication? I need a couple of things to be placed onto the session after a user has been successfully authenticated into our system.
I took a look at net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter and it looks like it's got everything I need except for a way to look for and run a registered callback object.
Unless I'm missing some other interface/class that I haven't seen yet, how does the following sound:
Add a callback property to the config for AuthenticationProcessingFilter:
<bean id="authenticationProcessingFilter"
      class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager">
    <ref bean="authenticationManager"/>
  </property>
  <property name="authenticationFailureUrl">
    <value>/login/loginError.do?login_error=1</value>
  </property>
  <property name="defaultTargetUrl">
    <value>/</value>
  </property>
  <property name="filterProcessesUrl">
    <value>/login/j_acegi_security_check.flt</value>
  </property>
  <property name="callback">
    <ref bean="authenticationCallback"/>
  </property>
</bean>

<bean id="authenticationCallback"
      class="mycompany.mypackageAuthenticationCallback"/>
AuthenticationCallback would implement an interface HttpCallback:
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * A callback interface to be used whenever another process needs to be notified of an
 * HTTP-related event that's occurred. Its first use is a callback right after a successful
 * authentication attempt.
 */
public interface HttpCallback {
    public void callback(HttpServletRequest request, HttpServletResponse response);
}
This way the code at the end of AuthenticationProcessingFilter.attemptAuthentication() can be changed to check for this registered callback and call it before returning the Authentication object.
How does this sound?
Joseph

Hi Joseph

A callback is not a problem, it's just the methods to pass to the interface. Did you need something specific from the HttpServletRequest, or could we use an object not bound to the web tier (such as Authentication)?

Also, did you look at the recent changes to DaoAuthenticationProvider, which allows the User to store extra properties? This might be a way for you to store extra authentication success information, as User is placed in the Authentication upon authentication by DaoAuthenticationProvider.

Another possible approach might be to listen for AuthenticationEvents which are generated by DaoAuthenticationProvider.

I'm not sure which way is optimal, given I'm not sure what your callback is doing.

Best regards
Ben



_______________________________________________
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
