If you are using some container managed authentication mechanism like standard java form based authentication or spring security authentication mechanism, You are not really involving with user credential validation, like checking user name and password against the database, but the container is fully responsible for this. But what will happen if you want to pass some additional parameters with log-in details(username and password)?. The well known and most common scenario is passing "Keep me logged in" or "Remember me" check box value with your log-in details and doing some work with that while container is authenticating the user.
Recently, I had to implement the "Keep me logged in" function for one of my current project which are using spring 3 security as authentication mechanism. I am little new to spring 3 and it was challenging work for me of passing "Keep me logged in" check box status into spring's authentication provider class.
With this post, I will explain, How I achieved that.
The application uses 'AuthenticationProvider' class which extends from spring's 'AbstractUserDetailsAuthenticationProvider' and overrides 'retrieveUser' method which returns spring's UserDetails instance. Normally, authentication details are provided to 'retrieveUser' method via spring's 'WebAuthenticationDetails' instance.
Bellow shows the snip of code from 'retrieveUser' method of my authentication provider class.@Override protected User retrieveUser(String userName, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { OGGER.debug("Retrieve user : " + userName); final String password = authentication.getCredentials().toString(); WebAuthenticationDetails webAuthenticationDetails = authentication.getDetails()); try { User user = userBusiness.getUserByUsernameAndPassword(userName, password); logger.debug("Remote address : " + webAuthenticationDetails.getRemoteAddress()); logger.debug("Session Id : " + webAuthenticationDetails.getSessionId()); //................. return user; } catch (Exception e) { e.printStackTrace(); } }
I wanted to get "Keep me logged in" check box value into 'retrieveUser' method. It was very obvious that I am not able to get the check box value with current situation. The 'WebAuthenticationDetails' provides some details like remote address, session id etc, But not our own additional details.
As the next step, I implemented my own custom class by extending 'WebAuthenticationDetails' and put 'rememberMe' as a bean property.That class shows bellow.
package com.blimp.webapp.security; import javax.servlet.http.HttpServletRequest; import org.springframework.security.web.authentication.WebAuthenticationDetails; /** * @author semika * */ public class BlimpAuthenticationDetails extends WebAuthenticationDetails { private static final long serialVersionUID = 2012033417540858020L; private String rememberMe; public String getRememberMe() { return rememberMe; } //This constructor will be invoked by the filter public BlimpAuthenticationDetails(HttpServletRequest request) { super(request); this.rememberMe = request.getParameter("rememberMe"); } }
The next thing is, How we tell spring security engine to use my custom authentication detail class instead of using 'WebAuthenticationDetails' class when authenticating a user?.
For this one, we have to configure authentication processing filter in our spring security xml file. Some filtered contents from security XML file are shown bellow.<http auto-config="false"> <custom-filter ref="authenticationProcessingFilter" before="FORM_LOGIN_FILTER"/> <form-login login-page="/login.jsp?type=login" authentication-failure-url="/login.jsp?login_error=true" default-target-url="/getRedirectPage.htm"/> <intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="daoAuthenticationProvider" /> </authentication-manager> <beans:bean id="authenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager"/> <beans:property name="authenticationDetailsSource"> <beans:bean class="org.springframework.security.authentication.AuthenticationDetailsSourceImpl"> <beans:property name="clazz" value="com.blimp.webapp.security.BlimpAuthenticationDetails"/> </beans:bean> </beans:property> </beans:bean>
The 'daoAuthenticationProvider' is the instance of my 'AuthenticationProvider' class which extends 'AbstractUserDetailsAuthenticationProvider' and it has overridden 'retrieveUser' method. The my updated 'retrieveUser' method will be as follows.
@Override protected User retrieveUser(String userName, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { OGGER.debug("Retrieve user : " + userName); final String password = authentication.getCredentials().toString(); BlimpAuthenticationDetails webAuthenticationDetails = ((BlimpAuthenticationDetails) authentication.getDetails()); try { User user = userBusiness.getUserByUsernameAndPassword(userName, password); logger.debug("Remote address : " + webAuthenticationDetails.getRemoteAddress()); logger.debug("Session Id : " + webAuthenticationDetails.getSessionId()); logger.debug("Remember me : " + webAuthenticationDetails.getRememberMe()); //................. return user; } catch (Exception e) { e.printStackTrace(); } }
As you can see above, I can get the remember me check box value from 'retrieveUser' method.
http://static.springsource.org/spring-security/site/docs/3.0.7.RELEASE/reference/remember-me.html
ReplyDeletehttp://static.springsource.org/spring-security/site/docs/3.0.7.RELEASE/apidocs/org/springframework/security/web/authentication/RememberMeServices.html
@Gireesh: Yes, Gireesh, I know this. But, I wanted to use my own login.jsp page,not the standard one created by spring itself. And also,not using 'UserDetailsService' and I am using my own authentication provider.
ReplyDeleteHi,
ReplyDeleteYou seems to have reinvented wheel,
_spring_security_remember_me could be directly mapped to check box in login form like j_username.
Hi,
ReplyDeletewhen I start jetty I'm getting:
WARN o.s.s.c.h.DefaultFilterChainValidator - Possible error: Filters at position 3 and 4 are both instances of org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Any idea?
Thanks
https://bayanlarsitesi.com/
ReplyDeleteYenibosna
Anadolu Kavağı
İçerenköy
Yeşilköy
JGZW
Diyarbakır
ReplyDeleteSamsun
Antep
Kırşehir
Konya
F0KF5
Kocaeli
ReplyDeleteDenizli
Bartın
Kocaeli
Adana
D6MJN3
yozgat
ReplyDeletesivas
bayburt
van
uşak
AMU1DK
görüntülü show
ReplyDeleteücretlishow
0FMN
görüntülüshow
ReplyDeleteücretli show
ZVU51
https://titandijital.com.tr/
ReplyDeleteedirne parça eşya taşıma
tunceli parça eşya taşıma
ordu parça eşya taşıma
aydın parça eşya taşıma
C2QKB
kayseri evden eve nakliyat
ReplyDeleteantalya evden eve nakliyat
izmir evden eve nakliyat
nevşehir evden eve nakliyat
kayseri evden eve nakliyat
14HİFS
4DB51
ReplyDeleteKarabük Şehir İçi Nakliyat
Artvin Şehir İçi Nakliyat
Konya Parça Eşya Taşıma
Tekirdağ Parça Eşya Taşıma
Çankırı Şehirler Arası Nakliyat
Tekirdağ Şehirler Arası Nakliyat
Bingöl Şehir İçi Nakliyat
Çerkezköy Kurtarıcı
Aydın Şehirler Arası Nakliyat
D705E
ReplyDeleteBinance Referans Kodu
Trabzon Evden Eve Nakliyat
pharmacy steroids for sale
order fat burner
order steroids
masteron
testosterone enanthate for sale
order dianabol methandienone
Karaman Evden Eve Nakliyat
34F49
ReplyDeleteAdana Parça Eşya Taşıma
Mamak Fayans Ustası
Ardahan Şehirler Arası Nakliyat
Edirne Şehir İçi Nakliyat
Çerkezköy Sineklik
İstanbul Şehirler Arası Nakliyat
Aksaray Lojistik
Bilecik Şehir İçi Nakliyat
Isparta Lojistik
73E92
ReplyDeleteÇerkezköy Halı Yıkama
Erzincan Şehir İçi Nakliyat
Çerkezköy Marangoz
Tokat Lojistik
Ünye Mutfak Dolabı
Muğla Lojistik
Pursaklar Boya Ustası
Tunceli Evden Eve Nakliyat
Muğla Parça Eşya Taşıma
71BDC
ReplyDeleteIsparta Evden Eve Nakliyat
Çerkezköy Parke Ustası
Çerkezköy Korkuluk
Etimesgut Fayans Ustası
Bursa Şehir İçi Nakliyat
Bitlis Şehir İçi Nakliyat
Çanakkale Parça Eşya Taşıma
Tekirdağ Çatı Ustası
Çerkezköy Fayans Ustası
4FEC8
ReplyDeleteDxy Coin Hangi Borsada
Alya Coin Hangi Borsada
Van Parça Eşya Taşıma
Trabzon Lojistik
Tokat Evden Eve Nakliyat
Pursaklar Fayans Ustası
Malatya Evden Eve Nakliyat
Çerkezköy Organizasyon
Malatya Şehir İçi Nakliyat
53651
ReplyDeleteBolu Evden Eve Nakliyat
Sakarya Şehirler Arası Nakliyat
Tokat Parça Eşya Taşıma
Kayseri Parça Eşya Taşıma
Urfa Şehir İçi Nakliyat
Kastamonu Evden Eve Nakliyat
Tekirdağ Cam Balkon
Artvin Parça Eşya Taşıma
Ünye Oto Lastik
E9628
ReplyDeleteBurdur Şehirler Arası Nakliyat
Artvin Şehir İçi Nakliyat
Adana Parça Eşya Taşıma
Ardahan Parça Eşya Taşıma
Bolu Evden Eve Nakliyat
Mamak Parke Ustası
Sivas Şehir İçi Nakliyat
Tekirdağ Evden Eve Nakliyat
Binance Referans Kodu
916E8
ReplyDeleteNiğde Şehirler Arası Nakliyat
Urfa Şehirler Arası Nakliyat
Bybit Güvenilir mi
Yozgat Şehirler Arası Nakliyat
Vindax Güvenilir mi
Ünye Asma Tavan
Kripto Para Nedir
Mersin Şehir İçi Nakliyat
Antep Şehirler Arası Nakliyat
0CB63
ReplyDeletehttps://referanskodunedir.com.tr/
CDAD9
ReplyDeletemuş rastgele sohbet odaları
Samsun Görüntülü Sohbet Kadınlarla
kilis sesli sohbet sesli chat
diyarbakır canlı sohbet ücretsiz
amasya görüntülü sohbet uygulama
Balıkesir Ücretsiz Görüntülü Sohbet
niğde mobil sohbet odaları
kırklareli canli sohbet bedava
yalova sesli sohbet sitesi
0B2BE
ReplyDeletebartın telefonda görüntülü sohbet
bingöl görüntülü sohbet siteleri
artvin chat sohbet
canlı sohbet sitesi
denizli ücretsiz sohbet odaları
karabük sesli sohbet uygulamaları
antalya en iyi rastgele görüntülü sohbet
en iyi görüntülü sohbet uygulamaları
siirt sohbet odaları
B75D4
ReplyDeleteBitcoin Kazma
Discord Sunucu Üyesi Satın Al
Kripto Para Nedir
Pinterest Takipçi Satın Al
Parasız Görüntülü Sohbet
Soundcloud Reposts Satın Al
Lunc Coin Hangi Borsada
Soundcloud Takipçi Hilesi
Binance Para Kazanma
D39EEC4503
ReplyDeletewhatsapp cam şov