Link to home
Create AccountLog in
Avatar of cgray1223
cgray1223

asked on

Spring Security Auto Authenticate User

Hello,

I have a security flow where I'm receiving an xml that I need to verify.  If it passes that logic then I do a select on my users table (UserDetail implementation) if they exist I can log them in using the below, but if they don't exists I need to Auto Authenticate them. Would I just do an insert into the users table in my super.getAuthenticationManager().authenticate method and return the newly created UserDetails object?

    public class XMLAuthenticationFilter extends AbstractAuthenticationProcessingFilter{
          public XMLAuthenticationFilter() {
              super("/xml_security_check");
          }
   
          @Override
          public Authentication attemptAuthentication(HttpServletRequest request,
                      HttpServletResponse response) throws AuthenticationException,
                      IOException, ServletException {
                
                       GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER")};
                       UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("username", "userpwd", grantedAuthorities);
                  request.getSession();
                  token.setDetails(new WebAuthenticationDetails(request));
                  Authentication authenticatedUser = super.getAuthenticationManager().authenticate(token);
                  SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
                  request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
                  return authenticatedUser;
                 }
    }
ASKER CERTIFIED SOLUTION
Avatar of Sathish David  Kumar N
Sathish David Kumar N
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of cgray1223
cgray1223

ASKER

I think you're correct.  But really when I query my users table and I see that they user doesn't exist then I can automatically authenticate them since I've received an xml from the other web site.  One question would be how would the Filter receive the XML POST?  I would I get the xml off the request to the filter?
How to get the xml file from other site?
They are doing a HTTP POST with the data to my Filter url path, well that is the plan.  
then that link will help full for you ..
The link you sent explains how to parse the xml into an object from a file, but what I really don't understand is how to retrieve the xml off the HttpRequest coming into the filter.  
hmm then you  need web services call for that
Ok...so the web service gets the xml and then calls the filter?  How would the webservice call the filter and pass the data?  Just thinking out loud....
that is some what big topic...
wait some other experts will give some better suggestion than me....(as per i know web services gd)