1

I'm using Spring MVC and Spring Security for the authentication. I'm doing the login with username and password but I would like to send two more parameters. Is there any way to do that?

This is the login form:

<form action="#" th:action="@{/auth/login}" th:object="${loginBean}"  method="post">  
    <input type="hidden" th:field="*{timezone}" th:value="*{timezone}" />
    <input type="hidden" th:field="*{language}" th:value="*{language}" />
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <input type="text" placeholder="Email" th:field="*{username}" required="required" 
        title="Email pattern does not match" pattern="^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$"/>
    <span th:if="${#fields.hasErrors('username')}" th:errors="*{username}">Email Error</span>
    <input type="password" placeholder="Password" th:field="*{password}" required="required" />
    <span th:if="${#fields.hasErrors('password')}" th:errors="*{password}">Password Error</span>
    <button type="submit" id="login-button">Login</button>                      
</form>

I would like to send the timezone and language in the login too.

And the AuthenticationProvider:

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();

        // You can get the password here
        String password = authentication.getCredentials().toString();

        TokenDTO t = new TokenDTO();
        t.setIdioma("en-US");

        //try {

        CustomUserService  userService = new CustomUserService();

        UserDetails user =  userService.loadUser(name, password);

        if (user == null)
            throw new BadCredentialsException("Username not found.");

        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();

        Authentication auth = new UsernamePasswordAuthenticationToken(user, user.getPassword(), authorities);

        return auth;     
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}

Is it possible to send more params in the authentications?

Improve this question
1

2 Answers 2

Reset to default
3

1.You can create a custom filter CustomUsernamePasswordAuthenticationFilter, It will look something like this:

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter{

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        final String languageParam = request.getParameter("language");
        request.getSession().setAttribute("language", languageParam);
        System.out.println("Filter" + languageParam);
        // You can do your stuff here
        return super.attemptAuthentication(request, response); 
    } 
}

2.In Security config create a bean for your custom filter

@Bean
public UsernamePasswordAuthenticationFilter authenticationFilter() {
    CustomUsernamePasswordAuthenticationFilter authFilter = new CustomUsernamePasswordAuthenticationFilter();
    List<AuthenticationProvider> authenticationProviderList = new ArrayList<AuthenticationProvider>();
    authenticationProviderList.add(authenticationProvider);
    AuthenticationManager authenticationManager = new ProviderManager(authenticationProviderList);
    authFilter.setAuthenticationManager(authenticationManager);
    authFilter.setUsernameParameter("username");
    authFilter.setPasswordParameter("password");
    return authFilter;
}

3.In security config configure addFilter for http, it will be something like this

@Override
protected void configure(HttpSecurity http) throws Exception {

  http.authorizeRequests()
    .antMatchers("/").permitAll()
    .antMatchers("/home").access("hasRole('ROLE_USER')")
    .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
    .antMatchers("/api/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_API')")
    .and()
    .formLogin()
    .loginProcessingUrl("/login")
    .loginPage("/loginPage")
    .failureUrl("/loginPage?error")
    .defaultSuccessUrl("/home")
    .usernameParameter("username")
    .passwordParameter("password")
    .and()
    .exceptionHandling()
    .accessDeniedPage("/Access_Denied").and()
    .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);


}

If you want these additional values in your controller , you can add HttpServletRequest request parameter and fetch values from session like this.

request.getSession().getAttribute("language");
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks! I'm trying your solution, but custom filter isn't called when I try to log.I have added as you said in the Segurity Config.
I ested it with custom authenticationProvider implementation, and it works for me, May be you need to provide custom authenticationProvider.
Even with a custom authentication provider, this didn't work for me. What actually did work was @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { ... }
-1

You have to implement a custom Authentication and do as detailed in the post above.

Edit: In your CustomAuthenticationProvider you should return a custom Authentication object. You can achive that implementing your class that implements the Authentication interface.

Improve this answer

1 Comment

Can you elaborate on your solution. Please describe the step in your post instead of just providing a link. OP shouldn't have to click on a link to get the answer (So if the link goes down your anwer is still relevent)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.