Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication Success and Failure Handlers in AbstractPreAuthenticatedProcessingFilter #3764

Closed
wants to merge 3 commits into from
Closed

Authentication Success and Failure Handlers in AbstractPreAuthenticatedProcessingFilter #3764

wants to merge 3 commits into from

Conversation

shazin
Copy link
Contributor

@shazin shazin commented Mar 17, 2016

Fixes #3389

@rwinch
Copy link
Member

rwinch commented Mar 20, 2016

Thanks for the PR!

I'm curious what your scenario is for needing authentication success / failure handlers in pre authentication? Pre authenticated scenarios means that authentication has already occurred (i.e. using container based authentication, a proxy server like SiteMinder, etc). This means if there is success or failure in authentication it would happen outside of Spring Security (just as authentication did).

Another concern I have is that we cannot make non-passive changes to our default values. The changes in existing tests tells me that we need to restore the default behavior.

@rwinch rwinch self-assigned this Mar 20, 2016
@rwinch rwinch added the status: waiting-for-feedback We need additional information before we can continue label Mar 20, 2016
@shazin
Copy link
Contributor Author

shazin commented Mar 21, 2016

One of the Reasons I worked on this issue after seeing this is that I actually had to override unsuccessfulAuthenticationof AbstractPreAuthenticatedProcessingFilter in my previous job.

The use case we have was indeed a Pre Authenticated Header Token but the Header Token was mapped to a user in the DB. And a user must be activated after registration before he is allowed to login into the system. In that use case we have to manually do this.

Similar use cases may be applied for this change.

@rwinch
Copy link
Member

rwinch commented Mar 22, 2016

@shazin Thanks for the response. I am ok with adding the handlers, but the default behavior would need to be the same.

@shazin
Copy link
Contributor Author

shazin commented Mar 23, 2016

The default behavior is restored with the ability have an Optional Authentication Success and Failure Handler.

@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement and removed status: waiting-for-feedback We need additional information before we can continue labels Mar 25, 2016
@rwinch rwinch added this to the 4.1.0 milestone Mar 25, 2016
@rwinch rwinch changed the title Authentication Success and Failure Handlers in AbstractPreAuthenticatedProcessingFilter #3389 Authentication Success and Failure Handlers in AbstractPreAuthenticatedProcessingFilter Mar 25, 2016
@rwinch rwinch added the status: duplicate A duplicate of another issue label Mar 25, 2016
@rwinch
Copy link
Member

rwinch commented Mar 25, 2016

Thanks for the PR! This is now merged into master via 1bc7060

@rwinch rwinch closed this Mar 25, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
4.1.0 RC2
Development

Successfully merging this pull request may close these issues.
2 participants
@shazin @rwinch