Home/ Questions/Q 7844951
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T17:03:50+00:00

I am trying to set up a simple spring mvc / spring security webapp,

  • 0

I am trying to set up a simple spring mvc / spring security webapp, but I can’t seem to find the way to accomplish this:

  1. I’d like to use the normal @Secured annotations, and if the user isn’t logged in I’d like them to be redirected to the login page, and back to where they were (this is normal behaviour which I’ve managed to accomplish)
  2. I’d like the login form to be my own controller/template pair (also common and accomplished).
  3. I’d like the login form above to submit to my own controller which will authenticate the user credentials against my backend restful service. It then receives a security token back from the service. At this point I’d like to manually flag the session as authenticated authenticated and attach the token to it.

How do I go about implementing the last stage?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    OK the answer is basically:

    SecurityContextHolder.getContext().setAuthentication(...)

    However to be able to use it in the scenario I described above where the Spring MVC controller controls the authentication process, a few other things need to be done:

    1. You must either use one of the available Impls of Authentication or create one. I found it best to subclass AbstractAuthenticationToken.

    2. Spring security won’t start up without an authentication manager which isn’t used in this scenario, so I created a null authentication manager:

      @Service("nullAuthenticationProvider")
public class NullAuthenticationProvider implements AuthenticationProvider
{
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        return authentication;
    }

    @Override
    public boolean supports(Class<?> authentication)
    {
        return true;
    }
}

    3. And finally the spring context.xml:

      <security:global-method-security secured-annotations="enabled" />

<security:http disable-url-rewriting="true">
    <security:access-denied-handler error-page="/login" />
    <security:form-login login-page="/login" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider ref='nullAuthenticationProvider'/>
</security:authentication-manager>
    • 0