Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-1534: Want BasicAuthenticationFilter to throw InteractiveAuthenticationSuccessEvent #1775
I use Spring Security 3.0.4 and our system uses several Authentication Filters.
When a user log-in, UserPasswordAuthenticationFilter and OpenIDAuthenticationFilter, RememberMeAuthenticationFilter throws InteractiveAuthenticationSuccessEvent.
However, BasicAuthenticationFilter does not throw InteractiveAuthenticationSuccessEvent.
I'd like BasicAuthenticationFilter to throw InteractiveAuthenticationSuccessEvent.
There is another option using AuthenticationSuccessEvent.
Luke Taylor said:
I think the main reason for the different behaviour is that basic authentication is not necessarily "interactive" in the sense that it is often used with web services etc. Is there some specific reason why you need this rather than being able to use the AuthenticationSuccessEvent published by the AuthenticationManager?
Hatanaka, Akihiro said:
I'm sorry for late response.
My system uses some authentication systems(including Basic, OpenID, Form) and I want to detect which system does user uses for authentication.
AuthenticationSuccessEvent does not have information like InteractiveAuthenticationSuccessEvent's generatedBy property, so I want to use InteractiveAuthenticationSuccessEvent.