aspose file tools*
The moose likes Spring and the fly likes Spring security: pass additional parameter when performing login Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring security: pass additional parameter when performing login" Watch "Spring security: pass additional parameter when performing login" New topic
Author

Spring security: pass additional parameter when performing login

Pavel Kazlou
Ranch Hand

Joined: Sep 07, 2009
Posts: 33
Hi.
In my application the first page the user gets is the login form. I handle the login action using spring 2 security. After the successful login user is directed to struts 2 action.
In this struts 2 action I have property which I would like to populate with user input (additional field inside login form).
To be able to populate this property of struts 2 action I need to set request parameter. The problem is that the request is controlled by spring security. I've tried adding input field to login form, but spring doesn't forward its value to struts action.

How can I solve this problem?
Pavel Kazlou
Ranch Hand

Joined: Sep 07, 2009
Posts: 33
The struts 2 action is bound to successful login using spring security configuration:

Pavel Kazlou
Ranch Hand

Joined: Sep 07, 2009
Posts: 33
All right, let's omit struts 2. How can I pass parameter to the request which is made after a successful authentication?
That's almost the same as modifying my configuration:



but myValue is a dynamic value, I can't hardcode it.
Pavel Kazlou
Ranch Hand

Joined: Sep 07, 2009
Posts: 33
You can try the following solution:
1. insert custom filter into spring security filter chain
2. inside this filter obtain http session and store there the value of request parameter

As we change the login form (adding another parameter) we need to customize spring representation of login form and spring login processing filter.
Here is the configuration:



MyAuthenticationProcessingFilter extends spring's org.springframework.security.ui.webapp.AuthenticationProcessingFilter, wraps attemptAuthentication method obtaining request parameter and storing it inside http session. This class is written just to show the idea, for better practice browse AuthenticationProcessingFilter code for username and password parameters.


You may notice that "myFilter" and "entryPoint" beans together define parameters that are otherwise defined by <form-login> element inside <http>. You use <form-login> when you want the default behavior. But in our case we use custom beans, so you should remove <form-login> element completely.
Now we need to tell <http> use our beans. "myFilter" bean is passed to spring chain by using <custom-filter> element inside bean definition:


"entryPoint" is passed to <http> using attribute:


Pavel Kazlou
Ranch Hand

Joined: Sep 07, 2009
Posts: 33
Pavel, thank you very much for the help, I appreciate it.
Hongli Li
Ranch Hand

Joined: Oct 29, 2006
Posts: 124
Pavel Kazlou wrote:Pavel, thank you very much for the help, I appreciate it.

WTH, you thank yourself for helping out yourself?


Do you know why this cup is useful? Because it is empty.
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17250
    
    6

Hongli Li wrote:
Pavel Kazlou wrote:Pavel, thank you very much for the help, I appreciate it.

WTH, you thank yourself for helping out yourself?


Exactly, after 9 days he resolved his issue and was nice enough to post it here, so that if anyone else has the same situation, they can find a great answer.

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Sin Vince
Greenhorn

Joined: Sep 05, 2010
Posts: 1
Hi Pavel, thanks for your nice work
I do appreciate
Hernan Amaya
Greenhorn

Joined: Jul 01, 2010
Posts: 7
Thank you very much for your contribution, I needed to add recaptcha to my spring, struts2, webapp, login form, and this post saved me time and effort. Greetings.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Spring security: pass additional parameter when performing login