Spring Security: put additional attributes (properties) in the session on successful authentication


The answer was given on the Spring forum. Link.

Generally, you need to implement an ApplicationListener which listens for success events and puts additional attributes in the session there.

But in my case it's not required to store attributes in the session. I can retrieve the userID like here:

var userId = ${pageContext.request.userPrincipal.principal.id}
Author by

vacuum


Updated on June 13, 2022
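The listener approach described in the answer above, as an added example (not code from the original answer or the linked forum post). It listens for `InteractiveAuthenticationSuccessEvent`, which Spring Security publishes for form login and for remember-me logins alike. Assumptions: a `RequestContextListener` or `RequestContextFilter` is registered so that `RequestContextHolder` is populated inside the security filter chain; the class name `SessionAttributeAuthListener` is hypothetical; `PersonBean` is a stand-in for the question's principal class.

```java
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpSession; // jakarta.servlet.http.HttpSession on Spring Security 6+

/** Hypothetical listener: copies the user id into the session after any interactive login. */
@Component
public class SessionAttributeAuthListener
        implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {

    static final String USER_ID_ATTR = "currentUserId"; // attribute name from the question

    @Override
    public void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
        Object principal = event.getAuthentication().getPrincipal();
        if (!(principal instanceof PersonBean)) {
            return; // e.g. a different principal type from another AuthenticationProvider
        }

        // The event carries no request, so look it up from the thread-bound context.
        // Assumption: RequestContextListener/RequestContextFilter has bound it already.
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (!(attrs instanceof ServletRequestAttributes)) {
            return; // no servlet request on this thread; nothing to attach the id to
        }

        HttpSession session = ((ServletRequestAttributes) attrs).getRequest().getSession();
        // Store only the identifier, as in the question; the full principal is
        // already held by the Authentication in the SecurityContext.
        session.setAttribute(USER_ID_ATTR, ((PersonBean) principal).getId().toString());
    }
}

/** Stand-in for the question's principal type; only getId() is assumed. */
interface PersonBean {
    Long getId();
}
```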

Comments

  • vacuum
    vacuum almost 2 years

    Just a simple question: what is the best way to add attributes (properties) to the HttpSession on successful authentication? The userID, for example.

    For now I'm using my own SimpleUrlAuthenticationSuccessHandler implementation in UsernamePasswordAuthenticationFilter and doing it like this:

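    // Method of a class that extends SimpleUrlAuthenticationSuccessHandler
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                HttpServletResponse response, Authentication auth)
                throws IOException, ServletException {
            // The principal is the application's own user object
            PersonBean person = (PersonBean) auth.getPrincipal();
            // Copy the user id into the HTTP session
            request.getSession().setAttribute("currentUserId", person.getId().toString());
            // Continue with the default redirect handling
            super.onAuthenticationSuccess(request, response, auth);
    }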

    But I don't think this is a good approach, as there are other ways to do authentication (RememberMe, for example).

    So what do I need to use here?

  • Shaun the Sheep
    Shaun the Sheep about 12 years
    The persistent_logins table doesn't really have anything to do with storing attributes in the session. That's just a particular remember-me implementation. It does make sense to store additional custom user attributes in the authentication object though.