How to call extra parameter from login form into CustomAuthenticationProvider

Question

I seen other post about this but still doesnt find appropriate answer.

My form submitted have three parameter instead of two.

Here my CustomAuthenticationProvider:

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);

@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    String userName = auth.getName().trim();
    String password = auth.getCredentials().toString().trim();
    String companyName ;


    if (userName.equals("admin") && password.equals("123456")) {
        List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        Authentication upat = new UsernamePasswordAuthenticationToken(userName, password, grantedAuths);
        logger.info("{}:{}",userName,grantedAuths);
        return upat;

    } else {
        return null;
    }
}

@Override
public boolean supports(Class<?> auth) {
    return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(auth));
}

I want to get extra parameter from login form to authenticate the companyName in CustomAuthenticationProvider

How can I get the parameter from the login form?

Please show your spring security config ... – ArunM Feb 05 '16 at 04:10 — ArunM, Feb 05 '16 at 04:10
thanks for your intention,already got my answer :) – FreezY Feb 05 '16 at 04:21 — FreezY, Feb 05 '16 at 04:21

score 2 · Accepted Answer · edited May 23 '17 at 12:24

After a research and major modified from another post , I came to solution by inject AuthenticationDetailsSource and WebAuthenticationDetails . So I will share the solution here:

First create new class for custom filter to get the parameter:

class ExtraParam extends WebAuthenticationDetails {

private static final long serialVersionUID = 1L;
private final String company;

public ExtraParam(HttpServletRequest request) {
    super(request);
    this.company = request.getParameter("company");
}

public String getCompanyName() {
    return company;
}   
}

Then create the source class for injection :

class ExtraParamSource implements AuthenticationDetailsSource<HttpServletRequest, ExtraParam> {

public ExtraParam buildDetails (HttpServletRequest context) {

return new ExtraParam(context);
}
}

After then, modified your spring security xml to identified the class and filter:

Add authentication-details-source-ref="ExtraParam" in your <form-login like this :

<form-login ... authentication-details-source-ref="ExtraParamSource"... />

And dont forget the bean :

<beans:bean id="ExtraParamSource" class="com.xxx.xxx.xxx.ExtraParamSource"/>

Then Finish! thats all. To get the parameter just use like this example below :

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider{


@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
String userName = auth.getName().trim();
String password = auth.getCredentials().toString().trim();
String companyName = ((ExtraParam)auth.getDetails()).getCompanyName();

....

References :

1)How to pass an additional parameter with spring security login page

How to call extra parameter from login form into CustomAuthenticationProvider

1 Answers1