How implement Spring security when login page having more field apart from user name and password?

Question

I have a login page where the user need put the below information VIN number,email, zip code and accessCode which they will get from different application.

So to val

Answer 1

First of all, I would solve your problem differently. I would do a multi step authentication. The first would be a traditional user name / password login, using spring security's default model. The second step would be to show another form which would have to be filled up by the user to provide additional details for authentication, which your application wants to enforce.

Regardless, if you want to continue customizing the spring security model to ask more details on login in in a single step. Follow the steps reference in the previous answer from @Petr. And then to access session attributes in your UserDetailsService class, use the http://static.springsource.org/spring/docs/2.0.8/api/org/springframework/web/context/request/RequestContextHolder.html class provided by Spring.

You can get access to currentRequestAttributes(), which returns a RequestAttributes object. You can query the RequestAttributes object to get the desired attribute from the desired scope.

Note: This is a static method, which means its not going to be friendly to unit test.

You can also downcast RequestAttributes to ServletRequestAttributes if you want to get access to the underlying HttpServletRequest

Hope this helps.