Spring Security PreAuthentication using External SSO & Cookies.

In this story, I am going to explain how we can achieve pre-authentication in Spring Security using an external session manager and cookies.

Step 1: Cookie creation with sessionId.

In this step, we create a class that implements AuthenticationSuccessHandler and add code that calls the external session manager to get a sessionId and store it in a cookie.

The following class interacts with the external session manager for three operations:

a. create a session for the logged-in user.

b. validate the session by sessionId.

c. invalidate the session by sessionId.

Step 2: Configure Spring-Security.xml.

This step configures the success handler, pre-auth filter, logout filter and custom authentication manager.

Step 3: Create a Pre-Authentication Filter.

This step creates a pre-authentication filter that skips the login if the cookie holds a valid sessionId, and then gets the user details.

We have to create a class that implements AuthenticationUserDetailsService and add a loadUserDetails method, which can query LDAP or a local DB to fetch the user details.

Also, we need to create a pre-authentication success handler class to redirect the control to the home page.

Also, we need to create an AuthenticationEntryPoint class to redirect to login page if cookies don't have valid details.
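
The filter described in this step could look like the following. This is an added example, not code from the linked project: it assumes Spring Security 5.x (javax.servlet), a cookie named SSO_SESSION_ID, and a hypothetical SessionManagerClient interface standing in for the external session manager's validate operation.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

/** Hypothetical client for the external session manager (the "validate" operation from Step 1). */
interface SessionManagerClient {
    /** Returns the username bound to sessionId, or null if the session is unknown or expired. */
    String validate(String sessionId);
}

public class SsoCookiePreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    static final String COOKIE_NAME = "SSO_SESSION_ID"; // assumed cookie name
    private final SessionManagerClient sessions;

    public SsoCookiePreAuthFilter(SessionManagerClient sessions) {
        this.sessions = sessions;
    }

    /** Principal is the username confirmed by the session manager; null means "not pre-authenticated". */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
        if (cookies == null) {
            return null; // no cookie: the entry point redirects to the login page
        }
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName()) && c.getValue() != null && !c.getValue().isEmpty()) {
                try {
                    // The cookie only carries an opaque id; the server-side lookup decides who the user is.
                    return sessions.validate(c.getValue());
                } catch (RuntimeException e) {
                    logger.warn("Session manager call failed, treating request as unauthenticated", e);
                    return null; // fail closed
                }
            }
        }
        return null;
    }

    /** PreAuthenticatedAuthenticationProvider rejects tokens with null credentials, so return a placeholder. */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A";
    }
}
```

The username returned here is what the AuthenticationUserDetailsService receives in loadUserDetails, so the cookie value itself never determines the user's identity or roles.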

Step 4: Create a logout filter.

This step is to create a logout filter to clean cookies and invalidate the session.

Thank you for reading this article.

The full project is available on GitHub: https://github.com/SonuSingh200190/spring-security-sso.git