Acegi onSuccessfulAuthentication

Some time back, I raised a JIRA in Acegi, which was turned down. There was no adequate response from the Spring team. I am writing about it here so that other Spring users (read: gurus) may pitch in.

// Edited to be short and precise
protected void successfulAuthentication(HttpServletRequest request,
    HttpServletResponse response, Authentication authResult)
    throws IOException {

    SecurityContextHolder.getContext().setAuthentication(authResult);

    String targetUrl = (String) request.getSession()
                 .getAttribute(ACEGI_SECURITY_TARGET_URL_KEY);
    request.getSession().removeAttribute(ACEGI_SECURITY_TARGET_URL_KEY);

    if (alwaysUseDefaultTargetUrl == true) {
        targetUrl = null;
    }

    if (targetUrl == null) {
        targetUrl = request.getContextPath() + defaultTargetUrl;
    }

    // user call back hook
    onSuccessfulAuthentication(request, response, authResult);
    //...
    response.sendRedirect(response.encodeRedirectURL(targetUrl));
}

Acegi's AbstractProcessingFilter provides a callback method, onSuccessfulAuthentication, for running user logic after a successful login. It is generally used to build a login context specific to the application. The landing page is *pre-determined* before this call, so no matter what happens in the method, the response is redirected to that page. If a data or application error occurs while building the context, the user is still redirected to the same page. By the time the hook runs, the code above has also already stored authResult in the SecurityContext. The only way to control the flow is to throw an exception and handle it either with Acegi's exception handlers or by catching that exception in web.xml.

My request was to be able to use a different flow and send the user to a different page. In my case, if there was a user that was in our transaction DB but not in the legacy DB, we just bail out and throw the user an error splash screen. It didn't matter much to me. However, if you had a business scenario (go to a different controller, build a session a different way and send to a different page), how would you do it? Have you had this situation? How would you resolve it?
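
The exception approach described above, as an added example (not code from the original post or from the Acegi project). It also clears the SecurityContext and the session before throwing, because authResult was stored before the hook ran. The class names, the UserContextBuilder service and the "userContext" session attribute are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;

// Hypothetical filter: aborts the login when the application-side
// user context cannot be built, instead of following the redirect.
public class ContextBuildingProcessingFilter extends AuthenticationProcessingFilter {

    // Hypothetical unchecked exception (the hook only declares IOException).
    public static class LoginContextException extends RuntimeException {
        public LoginContextException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    // Hypothetical application service, e.g. the legacy DB lookup.
    public interface UserContextBuilder {
        Object build(String username) throws Exception;
    }

    private UserContextBuilder userContextBuilder;

    public void setUserContextBuilder(UserContextBuilder userContextBuilder) {
        this.userContextBuilder = userContextBuilder;
    }

    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult) throws IOException {
        try {
            Object userContext = userContextBuilder.build(authResult.getName());
            request.getSession().setAttribute("userContext", userContext);
        } catch (Exception e) {
            // successfulAuthentication() has already put authResult into the
            // SecurityContext; remove it so the failed login does not stay
            // authenticated while the user is shown an error page.
            SecurityContextHolder.clearContext();
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate(); // drop any half-built login state
            }
            // Generic message: the error page must not echo account details.
            throw new LoginContextException("Login context could not be built", e);
        }
    }
}
```

An `<error-page>` entry in web.xml with `<exception-type>` set to the exception class then selects the page the user lands on.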