Home/ Questions/Q 6693701
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T06:00:52+00:00

I have set up spring security to intercept correctly and prompt user with custom

  • 0

I have set up spring security to intercept correctly and prompt user with custom login page, that then authenticates correctly and adds userdetails to SecurityContextHolder.

Supplementary to that I now want to add my own custom User object added to session whenever login is performed; so the code will look like this: 

public returnwhat? doMySupplementaryLogin() {

   UserDetails principal = (UserDetails) SecurityContextHolder.getContext()
                                .getAuthentication().getPrincipal();
   MyUser user = myUserService.getMyUser(principal.getUsername());

   add user to what ?
}

Where will this code go? I want the nomral spring authentication to be performed and then the above code will put a MyUser object into session and then send user to the original intercepted url/viewname. I have the strong feeling I am making things more complicated than they need to be …

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You do make it complicated… 🙂

    What you want is to add a custom authentication provider to spring’s normal authentication manager.
    So you would configure the authentication manager like this:

        <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider user-service-ref="authServiceImpl">
        <security:password-encoder ref="passwordEncoder"/>
      </security:authentication-provider>
    </security:authentication-manager>
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>

    Now you only need to define the authServiceImpl bean inside your spring context. You can either do this through xml or annotations (my prefered way).

    @Service
public class AuthServiceImpl implements AuthService {

    You need to implement the AuthService interface. Just implement to methods from the interface – should be pretty straight forward.
    You don’t need to put things into the SecurityContextHolder yourself – spring will do that.

    What you want is this:

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
     return MyUser user = myUserService.getMyUser(username);
}

    Feel free to ask if you have any further questions.

    EDIT:
    Or you could just have your UserService class implement the interface – I just did it like this because you didn’t provide your UserService class.

    • 0