File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring security: pass additional parameter when performing login

 
Pavel Kazlou
Ranch Hand
Posts: 33
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi.
In my application the first page the user gets is the login form. I handle the login action using spring 2 security. After the successful login user is directed to struts 2 action.
In this struts 2 action I have property which I would like to populate with user input (additional field inside login form).
To be able to populate this property of struts 2 action I need to set request parameter. The problem is that the request is controlled by spring security. I've tried adding input field to login form, but spring doesn't forward its value to struts action.

How can I solve this problem?
 
Pavel Kazlou
Ranch Hand
Posts: 33
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The struts 2 action is bound to successful login using spring security configuration:

 
Pavel Kazlou
Ranch Hand
Posts: 33
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All right, let's omit struts 2. How can I pass parameter to the request which is made after a successful authentication?
That's almost the same as modifying my configuration:



but myValue is a dynamic value, I can't hardcode it.
 
Pavel Kazlou
Ranch Hand
Posts: 33
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can try the following solution:
1. insert custom filter into spring security filter chain
2. inside this filter obtain http session and store there the value of request parameter

As we change the login form (adding another parameter) we need to customize spring representation of login form and spring login processing filter.
Here is the configuration:



MyAuthenticationProcessingFilter extends spring's org.springframework.security.ui.webapp.AuthenticationProcessingFilter, wraps attemptAuthentication method obtaining request parameter and storing it inside http session. This class is written just to show the idea, for better practice browse AuthenticationProcessingFilter code for username and password parameters.


You may notice that "myFilter" and "entryPoint" beans together define parameters that are otherwise defined by <form-login> element inside <http>. You use <form-login> when you want the default behavior. But in our case we use custom beans, so you should remove <form-login> element completely.
Now we need to tell <http> use our beans. "myFilter" bean is passed to spring chain by using <custom-filter> element inside bean definition:


"entryPoint" is passed to <http> using attribute:


 
Pavel Kazlou
Ranch Hand
Posts: 33
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Pavel, thank you very much for the help, I appreciate it.
 
Hongli Li
Ranch Hand
Posts: 124
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Pavel Kazlou wrote:Pavel, thank you very much for the help, I appreciate it.

WTH, you thank yourself for helping out yourself?
 
Mark Spritzler
ranger
Sheriff
Posts: 17276
6
IntelliJ IDE Mac Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hongli Li wrote:
Pavel Kazlou wrote:Pavel, thank you very much for the help, I appreciate it.

WTH, you thank yourself for helping out yourself?


Exactly, after 9 days he resolved his issue and was nice enough to post it here, so that if anyone else has the same situation, they can find a great answer.

Mark
 
Sin Vince
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Pavel, thanks for your nice work
I do appreciate
 
Hernan Amaya
Greenhorn
Posts: 7
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much for your contribution, I needed to add recaptcha to my spring, struts2, webapp, login form, and this post saved me time and effort. Greetings.
 
Consider Paul's rocket mass heater.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic