
Set textbox value to a Session variable in JSP form posting to j_spring_security_check

I have index.jsp which posts to `j_spring_security_check`. I am trying to set the textbox value to a Session variable.

Below is my index.jsp

<form id="loginForm" name="loginForm" method="post" action="j_spring_security_check" autocomplete="off">
    <label>email address</label>
        <input type="text" name="j_username" id="username" autocorrect="off" autocapitalize="off" autocomplete="off" placeholder="email address" title="email address" />
    <label>password</label>
        <input type="password" name="j_password" id="password" autocorrect="off" autocapitalize="off" autocomplete="off" placeholder="password" title="password" />
    <button type="submit" onclick="this.disabled=true; this.form.submit.click();"><spring:message code="v2.login.button" /></button>
</form>

I am trying to set the username value in the Session, but the form posts to j_spring_security_check. I don't really know how Spring Security works, so I am not really sure where to add the logic to put the username value in the session. I am wondering whether it is feasible and, if so, where do I add the logic?

Solution: When a login form posts to /j_spring_security_check, UsernamePasswordAuthenticationFilter is invoked to authenticate the user. Below are the changes to put the username in the session. Added customUsernamePasswordAuthenticationFilter as below in security-applicationContext.xml:

<beans:bean id="customUsernamePasswordAuthenticationFilter" class="com.datacert.core.security.filter.CustomUsernamePasswordAuthenticationFilter" >
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationFailureHandler" ref="DCAuthenticationFailureHandler" />
    <beans:property name="authenticationSuccessHandler" ref="DCAuthenticationSuccessHandler" />
</beans:bean>

And created a class which sets the username in the session:

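import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.context.annotation.Primary;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Primary
public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    public CustomUsernamePasswordAuthenticationFilter() {
        super();
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        // Store the submitted username in the session; at this point it is still unauthenticated form input.
        String username = super.obtainUsername(request);
        if (username != null && !username.isEmpty()) {
            HttpSession session = request.getSession();
            session.setAttribute("username", username);
        }
        return super.attemptAuthentication(request, response);
    }
}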

In Spring Security the Authentication object is kept in the SecurityContext.

To get the Authentication object, get it from org.springframework.security.core.context.SecurityContextHolder#getContext():

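import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
Object principal = null;
String username = null;
// getAuthentication() returns null when no authentication is set in the context
if (authentication != null) {
    principal = authentication.getPrincipal();
    username = authentication.getName();
}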

Value of username will be the username used in authentication. Value of principal will be the principal object. Many of the authentication providers will create a UserDetails object as the principal.

Ref: SecurityContext, Authentication and SecurityContextHolder
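
An added example (not code from the question or the answer): one way to put the username in the session only after authentication has succeeded, by reading it from the Authentication object in a success handler instead of from the request in attemptAuthentication. The class name UsernameSessionSuccessHandler is hypothetical; the "username" attribute key is taken from the question.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

// Hypothetical class name; this is not the DCAuthenticationSuccessHandler from the question.
public class UsernameSessionSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Same attribute key the question uses for the session variable.
    static final String USERNAME_ATTRIBUTE = "username";

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // This method is only called once the AuthenticationManager has accepted the
        // credentials, so getName() is the authenticated principal's name rather than
        // whatever string was typed into the j_username field.
        HttpSession session = request.getSession();
        session.setAttribute(USERNAME_ATTRIBUTE, authentication.getName());

        // Keep the default behaviour: redirect to the saved request or the default target URL.
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
```

A bean of this type can be referenced from the authenticationSuccessHandler property of the filter bean shown in the question. A failed login never reaches this handler, so no session attribute is written for rejected credentials.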
