Spring Security
  1. Spring Security
  2. SEC-978

Add onSuccessfulAuthentication to AbstractPreAuthenticatedProcessingFilter

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.3
    • Fix Version/s: 3.0.0 M1
    • Component/s: Core
    • Labels:
      None

      Description

      I would like to be able to add specific behaviour on successful authentication. I have a custom filter which is a subclass of AbstractPreAuthenticatedProcessingFilter, and I would like to be able to override or at least extend the behaviour of successfulAuthentication(). Would it be possible to add some kind of template onSuccessfulAuthentication method in the base class that could be called within successfulAuthentication()?

      e.g. abstract void onSuccessfulAuthentication(HttpServletRequest request ..... )

      within successfulAuthentication():

      ...
      onSuccessfulAuthentication(request.....);
      ....

      At the moment I cant find a way to override this in my subclasses.

        Activity

        Hide
        Luke Taylor added a comment -

        You can already override the behaviour of successfulAuthentication since it's a protected method. Is there some additional requirement that you have? I can't really see what would prevent you from overriding the behaviour as it stands.

        Show
        Luke Taylor added a comment - You can already override the behaviour of successfulAuthentication since it's a protected method. Is there some additional requirement that you have? I can't really see what would prevent you from overriding the behaviour as it stands.
        Hide
        Luke Taylor added a comment -

        I can't see any requirement for this, given that the current successfulAuthentication method is effectively just:

        protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
        SecurityContextHolder.getContext().setAuthentication(authResult);
        if (this.eventPublisher != null)

        { eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); }

        }

        and is already protected.

        Show
        Luke Taylor added a comment - I can't see any requirement for this, given that the current successfulAuthentication method is effectively just: protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { SecurityContextHolder.getContext().setAuthentication(authResult); if (this.eventPublisher != null) { eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); } } and is already protected.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Rory Winston
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: