CODEWITHSUNDEEP
javaspringspring-security
leshka
leshka

Reputation: 1794

Spring security: How to persist each anonymous user?

  1. What I need:

For each new user visiting my site I create a MyUser object (doesn't matter what this class consists of) and persist it to DB.

And I want this object to be used each time user with same sessionId come on my site.

For me it looks almost like anonymousAuthentication. So I disabled it and replaced with my own filter:

<http auto-config="true">
    ...
    <anonymous enabled="false"/>        
    <custom-filter ref="userGeneratorFilter" position="ANONYMOUS_FILTER"/>
</http>

I thought that securityContext contains principal for previously authenticated user but it looks like one of the filters in filterchain adds it manually for each request.

In other words each time I get into my UserGeneratorFilter.doFilter

SecurityContextHolder.getContext().getAuthentication() == null;

So how can I understand whether I need to create a new MyUser object or take an existing one from data base?

ps. I think I've choosen kind of a wrong way=( Few words about my task: I want unauthorized user to have limited access to my resource but when he registers I want all the data he entered while being unauthorized to be merged into his normal account.

Thank you for your attention. Each time I write that sentence moderators remove it. But I will never stop writing it=)

Upvotes: 2

Views: 792

Answers (2)

Grzegorz Gajos
Grzegorz Gajos

Reputation: 2363

There are options in spring security that tells how security should handle session migration, maybe that would be helpful for you.

Upvotes: 0

Ali
Ali

Reputation: 12664

Just set a cookie which does not expire with something like a CookieID or a VisitorID that identifies the user. check for this cookie when people visit your site, it should identify the user.

Upvotes: 2

Related Questions