In my application, I am using LDAP authentication. But I have 2 remote services, which requires authentication via method login (username, password). The law gives a security token, which helps me to invoke other methods, that is, I must first provide a security token for service methods in the form of logic.
So I want to login these security tokens immediately after using LDAP SecurityContext. I tried to use the authentication-success-handler-riff of the form-login element using the handler I used in the SecurityContext with custom integration token authentication < / Em> change the object which keeps the security token not only the password. But in this case I have an exception that no authentication provider does not support this class of token. I know that it is also possible to store tokens in an HTTP session but in this case I have to pass the service object to the session, so I would like to store the tokens in the security content.
What is the best way to handle the service security token?
I often Authentication.getDetails () objects to store additional information , Which can not be linked directly to the per-user user. Therefore you can store any object in that field (for example a Hashmap) and it shares the authentication object life cycle.
hashmap & lt; String, Object & gt; Info = New Hashmop & lt; String, Object & gt; (); Info.put ("extraInfo", "info"); Auth.setDetails (info); ... map & lt; String, Object & gt; I = (map & lt; string, object & gt;) SecurityContextHolder.getContext (). GetAuthentication.getDetails (); 
Comments
Post a Comment