- Add an interface to be called after successful authentication to enhance userdetail Because there are some userdetails attributes that are not required during the authentication phase, but after successful authentication, they need to be placed in userdetails. This can improve authentication efficiency and security to a certain extent.
- Expand the content of org. springframework. security. authentication. event. InteractiveAuthenticationSuccessEvent. Add the request header and request parameters to it. In some asynchronous listeners, it is necessary to obtain some attribute information of the request for logging purposes
Comment From: jzheaux
Thanks for the suggestions, @wash1983.
1
It makes sense to me that there might be some data that you want to load only after authentication has succeeded. In that case, I think you should consider delegation like so:
@Bean
AuthenticationProvider extendedAuthenticationProvider(UserDetailsService users) {
AuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(users);
return (request) -> {
Authentication result = authenticationProvider.authenticate(request);
if (result == null) {
return null;
}
return lookupAdditionalDetail(result); // you define this
};
}
instead of adding a new configuration option to DaoAuthenticationProvider.
2
Unfortunately, we can't do this since the event is declared in the core package, which does not depend on the Servlet API. Instead, consider subclassing InteractiveAuthenticationSuccessEvent and publish that. Or, use RequestContextHolder and your logger's MDC to preserve the values that you need.