Home/ Questions/Q 969459
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T02:38:38+00:00

In my application I’m using LDAP authentication. But i’m also have 2 remote services

  • 0

In my application I’m using LDAP authentication. But i’m also have 2 remote services which requires authentication via method login(username, password). The method returns security token which makes me able to invoke another methods, i.e. I should pass security token to service methods as first argument.
So I’d like to get these security tokens immediately after successful login using LDAP and store them in SecurityContext. I tried to use authentication-success-handler-ref of form-login element. Using the handler I replace Authentication object in the SecurityContext with custom AuthenticationToken that holds not only password but also security tokens. But in this case I have an exception that no authentication provider supports this class of token.
I know it’s also possible to store tokens in the HTTP session but in this case I have to pass session to service object, so I’d like to store the tokens in SecurityContext.

What is the best approach to handle service security token?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I often use the Authentication.getDetails() object to store additional info that may not be directly linked to the user per say. So you can store any object you want in that field (a HashMap for instance) and it shares the Authentication object life cycle.

    HashMap<String, Object> info = new HashMap<String, Object>();
info.put("extraInfo", "info");
auth.setDetails(info);
...
Map<String, Object> i = (Map<String, Object>)SecurityContextHolder.getContext().getAuthentication.getDetails();
    • 0