0

I have been following this post on how to create an entry point into my spring mvc 3.1 web application for someone to login using a json request.

Spring Security and JSON Authentication

I've got a question about the code below. Inside attemptAuthentication I am adding extra request parameters which are json specific. And then I try to access those parameters in obtainUsername and obtainPassword but the parameters are not there.

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException {

    if ("application/json".equals(request.getHeader("Content-Type"))) {
        StringBuffer sb = new StringBuffer();
        String line = null;

        BufferedReader reader;
        try {
            reader = request.getReader();
            while ((line = reader.readLine()) != null){
                sb.append(line);
            }                                   

            //json transformation
            ObjectMapper mapper = new ObjectMapper();
            JsonLoginRequest loginRequest = mapper.readValue(sb.toString(), JsonLoginRequest.class);

            String jsonUsername = loginRequest.getJ_username();
            request.setAttribute("jsonUsername", jsonUsername);

            String jsonPassword = loginRequest.getJ_password();
            request.setAttribute("jsonPassword", jsonPassword);

            String jsonStore = loginRequest.getJ_store();
            request.setAttribute("jsonStore", jsonStore);             

        }
        catch (JsonParseException e) {

            e.printStackTrace();
        } catch (JsonMappingException e) {

            e.printStackTrace();
        } 
        catch (IOException e) {

            e.printStackTrace();
        }                       
    }

    String usernameParameter = obtainUsername(request);
    String password = obtainPassword(request);

When I do this jsonUsername and jsonStore don't exist even though I added them above.

@Override
protected String obtainUsername(HttpServletRequest request) {
    String combinedUsername = null;
    if ("application/json".equals(request.getHeader("Content-Type"))) {
        String jsonUsername = request.getParameter("jsonUsername");
        String jsonStore = request.getParameter("jsonStore");            
        combinedUsername = 
                jsonUsername + 
                SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM + 
                jsonStore;      

    }else {
        String username = super.obtainUsername(request);
        String store = request.getParameter(SecurityConstants.STORE_PARAM);
        String hiddenStore = request.getParameter(SecurityConstants.HIDDEN_STORE_PARAM);
        combinedUsername = 
                username + 
                SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM + 
                store + 
                SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM +
                hiddenStore;            
    }   
    return combinedUsername;
}

Can someone help me with what is wrong? thanks

Community
  • 1
  • 1
Richie
  • 4,989
  • 24
  • 90
  • 177
  • You are adding request attributes NOT request parameters. You cannot add parameters to your request, to make that possible you will have to wrap the original request and add some additional logic for the adding of the parameters. – M. Deinum Aug 04 '14 at 06:00
  • oh god. I'm so sorry. Silly mistake. Thanks for taking a look at this. – Richie Aug 04 '14 at 08:19

0 Answers0