java - Best practices handling authentication data in a Spring web application -

-

i know question answered in subjective way, i'd know if there best practice handle authenticated user data in spring web application.

i mean: need retrieve user id authenticated user in several classes of service layer of application.

at moment i'm getting principal object autowired in controller methods:

@requestmapping("/some/path", method = requestmethod.get) public string getbyid(@requestparam integer id, principal principal){ ... }

and pass principal.getname() in every method invocation, example:

// service class method public void dosomething(integer id, string username){      // retrieve user username app db }

i know call:

authentication auth = securitycontextholder.getcontext().getauthentication();

in service layer current authenticated user, i'm wondering if bad design application.

what's common way handle authentication data? should retrieve need or should pass "through levels" of application?

you can add post authentication handler

1. login security xml 

	  <form-login login-page="/login.jsp"      			authentication-success-handler-ref="authenticationsuccesshandler"      			authentication-failure-url="/login.jsp?error=true" />      		<logout logout-success-url="/login.jsp" />    		      	</http>      	<beans:bean id="authenticationsuccesshandler" class="com.login.authenticationsuccesshandler">      		<beans:property name="defaulttargeturl" value="/dashboard" />      	</beans:bean>

2. java class

        package com.login;          import java.io.ioexception;          import javax.servlet.servletexception;          import javax.servlet.http.httpservletrequest;          import javax.servlet.http.httpservletresponse;          import javax.servlet.http.httpsession;                    import org.springframework.beans.factory.annotation.autowired;          import org.springframework.security.core.authentication;          import org.springframework.security.core.context.securitycontextholder;          import org.springframework.security.web.authentication.savedrequestawareauthenticationsuccesshandler;                    import com.commonfunction.commonfunction;                    public class authenticationsuccesshandler extends          savedrequestawareauthenticationsuccesshandler {          	@autowired           	commonfunction commonfunction;          	/**          	 * override method set session after           	 * authentication          	 * prince 5/5/16          	 */          	@override          	public void onauthenticationsuccess(httpservletrequest request,          			httpservletresponse response, authentication authentication)          					throws ioexception, servletexception {          		super.onauthenticationsuccess(request, response, authentication);          		httpsession session = request.getsession(true);                    		try {          			authentication auth=securitycontextholder.getcontext().getauthentication();          			loginbean login=(loginbean)auth.getprincipal();          			session.setattribute("vendorid",login.getvendorid());          			session.setattribute("loginid",login.getusername());          			session.setattribute("username",login.getvendorname());          			session.setattribute("vendortype",login.getvendortype());          			session.setattribute("navigationlist",commonfunction.getnavigationcontent(request));          			          			system.out.println("successfully authenticate:"+login.getvendorid());          		} catch (exception e) {          			logger.error("error in getting user()", e);          			e.printstacktrace();          		}           	}                    }


Comments

Post a Comment

Popular posts from this blog

sql - invalid in the select list because it is not contained in either an aggregate function -

-
i can't figure out rewrite sql statement avoid error below msg 8120, level 16, state 1, line 26 column 'staffmember.staffmemberid' invalid in select list because not contained in either aggregate function or group clause. sql statment select (select [dbo].[udf_readstaffmemberbasic](sm.staffmemberid) xml path ('staffmembersummary'), root ('items'), type ), count(sm.staffmemberid) totalresults, ceiling(cast(count(sm.staffmemberid) decimal)/ @pagesize) totalpages staffmember sm inner join staffmembertoadditionalrole ar on sm.staffmemberid = ar.staffmemberid (sm.firstname '%' + @name + '%' or sm.surname '%' + @name + '%') , (@floorid null or sm.floorid = @floorid) , (@directorateid null or sm.directorateid = @directorateid) , (@additionalroleid null or ar.additionalroleid = @additionalroleid) order sm.staffmemberid offset @page * @pagesize rows fe...
Read more

Angularjs unit testing - ng-disabled not working when adding text to textarea -

-
i trying test angularjs component using karma, mocha, power-assert. have textarea , button in component, button disabled based on length of text in textarea. when run component in browser works perfectly. can't figure out how test functionality. here's bit of code. inquiryform.js function inquiryform($scope) { // plan add logic here } angular.module('myapp').component('inquiryform', { controller: inquiryform, controlleras: 'inquiryform', templateurl: 'inquiryform.html' }); inquiryform.html <div class="contact"> <div>thanks contacting us.</div> <form> <textarea ng-model="inquiryform.inquirytext" name=""></textarea> <input type="submit" value="send" ng-disabled="!inquiryform.inquirytext.length"> </form> </div> inquiryformtest.js describe('inquiry form ', () => { let $r...
Read more

How to start daemon on android by adb -

-
can me please, head swollen... i trying run daemon on android emu/device command: adb -s <device_name> shell su -c /dir/daemon <port_number> but nothink happens, , no errors! if do: adb -s <device> shell and form shell cmdline: su -c /dir/daemon <port_number> than work fine. try use shell-script , run: adb -s <device_name> shell sh su -c /dir/script.sh <port_number> and try generate script qt code port number , use: adb -s <device_name> shell sh su -c /dir/script.sh but not helped... problem if enter adb shell previous run daemon - work. problem on different device/emu/iso_image different command format not work. example: adb -s <device_name> shell su -c /dir/daemon <port_number> // work @ emu, not @ iso and vice: adb -s <device_name> shell su -c "/dir/daemon <port_number>" // work @ iso etc. everybody can answer what's matter? sorry english adb shell su -c ...
Read more