How to make extra validation in Spring Security login form?

Question

I wonder how to make extra validation on login form before it will be processed by Spring Security. I\'m thinking about some LoginController, LoginForm bean, but i don\'t kn

Answer 1

You could subclass UsernamePasswordAuthenticationFilter:

http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.html

You could override the attemptAuthentication() method, have it call super.attemptAuthentication(), and if that returns a non-null Authentication object, perform your additional work (to see if the user checked the box).

http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.html#attemptAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)

The docs for how to specify your customer filter are here:

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-custom-filters