Spring Security如何正确应用过滤器以从URL获取参数

Question

In spring security I need to have custom authentication with param from site that user trying to get access, for example:

User trying to access:

 myapp.com/res?param=value

In authentication process I need this value from param, how can I get this?

Also I have custom UserDetailsService where I need this param .

I was trying something like this:

 public class MyFilter extends UsernamePasswordAuthenticationFilter {


@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
        throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) arg0;
    System.out.println("\n\n"+request.getRequestURI().substring(request.getContextPath().length()) +"\n\n");
    super.doFilter(arg0, arg1, arg2);
     }
 }

Which I apllied:

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.addFilterAfter(
              new MyFilter(),  BasicAuthenticationFilter.class);    

    http
    .authorizeRequests()
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .and()
    .httpBasic();       
}

This filter print out the url with my param but how Can I provide this in my custom UserDetailsService ? Also I'm not sure this filter is properly.

I use spring-security 5.0.0 with spring 5.0.2

Thanks,

Answer 1

how Can I provide this in my custom UserDetailsService ?

By using Spring built-in request handlers.

@RestController
public class UserDetailService {

    @RequestMapping(value = "/res", method = RequestMethod.GET)
    public void getRes(
       @RequestParam(required = false, defaultValue = "value", value="param") final String param) {

         // param contains the value of the parameter in the URL

    }
}

More on this here , here and here .

---

You should use the filter only to validate the requests and block them if needed.

All business logic should be implemented in the @Controller and @Service classes.