Passing the extra parameter from login page Spring Security

We have implemented spring security with database using hibernate in previous post.
You can have a look at the previous post from the following link http://helicaltech.com/spring-security-with-hibernate/
We had seen spring security supports username and password from login page by default.
In this post we will learn how to pass extra parameter from login page to spring security.

We know how to add spring and spring security jar’s in application class path using maven and adding dependencies in pom.xml file. By default spring submit the page to j_spring_security_check which use UsenamePasswordAuthenticationFilter for authenticating user which extends the AbstractAuthenticationProcessingFilter class.

    Below are the steps for implementation

Step 1. Create the class which extends the UsenamePasswordAuthenticationFilter and override the two methods attemptAuthentication and obtainUsername

public Authentication attemptAuthentication(HttpServletRequest req,HttpServletResponse res)
throws AuthenticationException{
}
public String obtainUsername(HttpServletRequest req){
}

attemptAuthentication method takes the HttpServletRequest and HttpServletResponse arguments and return the Authentication object and obtainUsername takes the HttpServletRequest argument and return the String which contain the username and extra parameter passed by the login page with delimiter separator.
Below is class with business logic I chose the class name as ExtInpuParam.

public class ExtInpuParam extends
UsernamePasswordAuthenticationFilter {
private static final Logger logger = LoggerFactory
.getLogger(PreUsernamePasswordAuthenticationFilter.class);
private String extraParameter = "j_organization";
private String delimiter = ":";
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
logger.debug("Attempting for authentication. " + "j_username = "
+ request.getParameter("j_username") + ", j_password = "
+ request.getParameter("j_password"));
return super.attemptAuthentication(request, response);
}
@Override
protected String obtainUsername(HttpServletRequest request) {
String username = request.getParameter(getUsernameParameter());
logger.debug("username = " + username);
String extraInput = request.getParameter(getExtraParameter()) == null ? ""
: request.getParameter(getExtraParameter());
logger.debug("extraInput = " + extraInput);
String combinedUsername = "";
String extParam = extraInput.trim();
logger.debug("extParam = " + extParam);
if (extParam.length() == 0) {
combinedUsername = username;
} else {
combinedUsername = username + getDelimiter() + extraInput;
}
logger.debug("returning combinedUsername = " + combinedUsername);
return combinedUsername;
}
/**
* @return The parameter name which will be used to obtain the extra input
* from the login request
*/
public String getExtraParameter() {
return this.extraParameter;
}

/**
* @param extraParameter
* The parameter name which will be used to obtain the extra
* input from the login request
*/
public void setExtraParameter(String extraParameter) {
this.extraParameter = extraParameter;
}

/**
* @return The delimiter string used to separate the username and extra
* input values in the string returned by
* obtainUsername()
*/
public String getDelimiter() {
return this.delimiter;
}

/**
* @param delimiter
* The delimiter string used to separate the username and extra
* input values in the string returned by
* obtainUsername()
*/
public void setDelimiter(String delimiter) {
this.delimiter = delimiter;
}

}

I passed the extra parameter name as j_organization from login page and adding delimiter “:” with username obtainUsername method will return the uername with extra parameter and “:” separator. In userDetails class you will get the username and extra parameter.

Step 2. Add j_organization instance field with getter and setter in user model class.

Step 3.
Please refer to the code in the below snapshots for the steps to be followed for Step No 3.
spring security

spring security 2

Step 4. Login.jsp page

<form name='loginForm'
action="" method='POST'>

Organization:
User:
Password:

Thankyou
Muqtar Ahmed
Helical IT Solutions