3

What I want to do is read a http-parameter on my login page, e.g. login.html?param=value, and then pass value to my AuthenticationProvider. My idea was to somehow save value in a hidden parameter, but I still don't know how to pass it on. Is this possible? How do I go about to do it?

Edit: Following Sanath's advice and after doing some reading I was finally able to solve the problem -- look below if you're interested in how I did it.

ingenious
  • 966
  • 10
  • 20
  • for spring based login, the best option is to use spring security.. form action="spring_security_check" – Sanath Mar 14 '13 at 14:39
  • I am using spring security and I believe what you meant is: form action="j_spring_security_check". But still how do I pass custom parameter-value pairs to my AuthenticationProvider? Maybe I'm too blind to see something obvious here, but please try explaining yourself in some more detail. – ingenious Mar 14 '13 at 14:44
  • u mean something else than the username and password fields(j_username & j_password)? – Sanath Mar 14 '13 at 14:47
  • if that's what you want, this answer might hep you. http://stackoverflow.com/questions/10074308/how-to-pass-an-additional-parameter-with-spring-security-login-page – Sanath Mar 14 '13 at 14:49
  • yes, something else, a generic parameter, e.g. promoCode=foobar and depending on promoCode, I would like to be able to take specific actions in the authentication process. – ingenious Mar 14 '13 at 14:50
  • That seems more like roles and permissions. – Sotirios Delimanolis Mar 14 '13 at 14:54
  • @Sanath thanks, it seems like WebAuthenticationDetails is exactly what I've been searching for. – ingenious Mar 14 '13 at 14:58

1 Answers1

6

I did the following and finally it worked like a charm.

In my bean configuration file I had to enter:

<http auto-config="true>
  ...
  <form-login ... authentication-details-source-ref="myWebAuthDetSource"/>
  ...
</http>
<beans:bean id="myWebAuthDetSource" class="com.my.pack.age.MyWebAuthDetSource"/>
...

then I've set up my WebAuthenticationDetailsSource implementation like this:

public class MyWebAuthDetSource implements AuthenticationDetailsSource<HttpServletRequest, MyWebAuthDets> {
  public MyWebAuthDetSource buildDetails (HttpServletRequest context) {
    return new MyWebAuthDets(context);
  }
}

then I've got my AuthenticationDetails implementation like:

public class MyWebAuthDets extends WebAuthenticationDetails {
  private final String parameter;
  public MyWebAuthDets(HttpServletRequest request) {
    super(request);
    this.parameter = request.getParameter("paramId");
  }
}

And then I overlook the most simple fact, that the authentication process processes only what it gets on submit from the login form, so I simply had to add the following in login.jsp:

...
<form id="j_spring_security_check" ... >
  <input type="hidden" name="paramID" value="${param['paramID']}" />
  ...
</form>
...

And that was all. Now I can add an authenticationProvider and get my parameter with .getDetails() from the authenticationToken.

Thanks again @Sanath.

ingenious
  • 966
  • 10
  • 20