I am working on a legacy app that uses Spring Security 2.0.4. I have created a custom AbstractPreAuthenticatedProcessingFilter and PreAuthenticatedAuthenticationProvider. They create and authenticate the user based on an email address sent as a parameter in the request that comes from the customer's login server. (Not very secure, I know, but that's the requirements.)
This all works fine but my problem is that I need to create a custom cookie once the user is authenticated so they can access the app outside the current session without having to be redirected by the login server.
I have no access to the HttpServletResponse object in AbstractPreAuthenticatedProcessingFilter or PreAuthenticatedAuthenticationProvider, so I can't just set a cookie in the response. I can implement RememberMeServices in the AbstractPreAuthenticatedProcessingFilter class, but I'm not sure if this is the right way to go about it.
Can anyone point me in the right direction? Do I need to create custom remember-me functionality? All I want to do is set a cookie (if one doesn't already exist) once the user is authenticated. Then for future requests, I can verify the cookie in the AbstractPreAuthenticatedProcessingFilter and return an authenticated principal.
Fixed without creating any new filters or messing with remember-me (which really doesn't have much to do with pre-authentication).
I simply overrode AbstractPreAuthenticatedProcessingFilter#successfulAuthentication. This gives me access to the HttpServletResponse, and it only fires on successful authentication.
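
An added example of the override described above; it is not the poster's code. It assumes the Spring Security 2.0.x package names, a request parameter called `email`, and a username equal to the e-mail address. The class name, cookie name, lifetime and key setter are hypothetical. The cookie value carries an expiry and an HMAC so the filter can verify it instead of trusting a bare e-mail address.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.*;
import org.springframework.security.Authentication;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter;

public class EmailPreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {
    static final String NAME = "APP_LOGIN";   // hypothetical cookie name
    static final int TTL = 7 * 24 * 3600;     // assumed lifetime in seconds
    private byte[] key;                       // random server-side secret, injected from config
    public void setKey(byte[] key) { this.key = key; }
    public int getOrder() { return FilterChainOrder.PRE_AUTH_FILTER; }
    protected Object getPreAuthenticatedCredentials(HttpServletRequest req) { return "N/A"; }

    protected Object getPreAuthenticatedPrincipal(HttpServletRequest req) {
        String email = req.getParameter("email");   // assumed parameter name
        if (email != null) return email;            // redirect from the login server
        Cookie[] cs = req.getCookies();
        for (int i = 0; cs != null && i < cs.length; i++)
            if (NAME.equals(cs[i].getName())) return verify(cs[i].getValue());
        return null;                                // no principal: request stays unauthenticated
    }
    protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res, Authentication auth) {
        super.successfulAuthentication(req, res, auth);   // stores auth in the SecurityContext
        try {
            String body = (System.currentTimeMillis() / 1000 + TTL) + "." + URLEncoder.encode(auth.getName(), "UTF-8");
            Cookie c = new Cookie(NAME, sign(body) + "." + body);   // mac . expiry . url-encoded e-mail
            c.setMaxAge(TTL); c.setSecure(true);                    // only sent over HTTPS
            c.setPath(req.getContextPath() + "/");
            res.addCookie(c);
        } catch (Exception e) { throw new IllegalStateException(e); }
    }

    // Returns the e-mail only if the MAC matches and the expiry has not passed, else null.
    String verify(String value) {
        try {
            String[] p = value.split("\\.", 3);
            if (p.length != 3 || !MessageDigest.isEqual(sign(p[1] + "." + p[2]).getBytes("UTF-8"), p[0].getBytes("UTF-8"))) return null;
            if (Long.parseLong(p[1]) < System.currentTimeMillis() / 1000) return null;
            return URLDecoder.decode(p[2], "UTF-8");
        } catch (Exception e) { return null; }      // malformed cookie is treated as absent
    }
    private String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return String.format("%064x", new java.math.BigInteger(1, mac.doFinal(data.getBytes("UTF-8"))));
    }
}
```

`Cookie.setHttpOnly` only exists from Servlet 3.0 on, so on an older container the HttpOnly attribute has to be added another way. As written, the cookie is re-issued whenever the filter authenticates, including from the cookie itself, which gives a sliding expiry.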