You can try the following solution:
1. insert custom filter into spring security filter chain
2. inside this filter obtain http session and store there the value of request parameter
As we change the login form (adding another parameter) we need to customize spring representation of login form and spring login processing filter.
Here is the configuration:
MyAuthenticationProcessingFilter extends spring's
org.springframework.security.ui.webapp.AuthenticationProcessingFilter, wraps
attemptAuthentication method obtaining request parameter and storing it inside http session. This class is written just to show the idea, for better practice browse
AuthenticationProcessingFilter code for username and password parameters.
You may notice that "myFilter" and "entryPoint" beans together define parameters that are otherwise defined by
<form-login> element inside
<http>. You use
<form-login> when you want the default behavior. But in our case we use custom beans, so
you should remove <form-login> element completely.
Now we need to tell
<http> use our beans. "myFilter" bean is passed to spring chain by using
<custom-filter> element inside bean definition:
"entryPoint" is passed to <http> using attribute: