Ben wrote:
-snip- Ive made isPasswordCorrect protected (see CVS).
You should be able to subclass DaoAuthenticationProvider,
override this method, and achieve the desired functionality.
-snip-
Thanks for doing this but I had problems with the Authentication object that DaoAuthenticationProvider returns on a successful login.
I experimented with adding a protected createSuccessAuthentication method but I'm afraid this is beginning to corrupt the DaoAuthenticationProvider code.
So instead I wrote an interceptor to "advise" DaoAuthenticationProvider's authenticate method.
This only works because DaoAuthenticationProvider exposes its AuthenticationDao with a getter.
Do you see any problems with this approach. It appears to work great.
-Scott
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.