Home/ Questions/Q 8494137
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T23:13:02+00:00

My web application uses a pre-authentication method. By the time that the request reaches

  • 0

My web application uses a pre-authentication method. By the time that the request reaches my application, userPrincipal is correctly set.
I know it’s not using Java EE container security, it is using some module configured on the Apache web server.

Therefore, I’m unsure what pre-authetication method to use. Ideally I want something similar to the RequestHeaderAuthenticationFilter except that it just reads the userPrincipal from the request instead of the header.

Is there an out of the box mechanism to achieve this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just extend and then register AbstractPreAuthenticatedProcessingFilter, everything is in documentation:

    public class RequestPreAuthenticatedProcessingFilter
    extends AbstractPreAuthenticatedProcessingFilter {

  private static final String USER_PRINCIPAL_KEY = "";

  @Override
  protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) {
    return request.getAttribute(USER_PRINCIPAL_KEY);
  }

  @Override
  protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) {
    return "N/A"; // or whatever you need
  }
}

    and in security-context.xml:

    <security:http>
  <!-- Additional http configuration omitted -->
  <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
</security:http>

<bean id="preAuthFilter"
    class="com.example.RequestPreAuthenticatedProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager">
</bean>
    • 0